Simplify settings files (#8001)

settings.py

@@ -12,7 +12,6 @@ from olympia.lib.settings_base import *  # noqa
 WSGI_APPLICATION = 'olympia.wsgi.application'
 
 DEBUG = True
-DEBUG_PROPAGATE_EXCEPTIONS = False
 
 # These apps are great during development.
 INSTALLED_APPS += (
@@ -54,10 +53,6 @@ SESSION_COOKIE_DOMAIN = None
 
 CELERY_TASK_ALWAYS_EAGER = False
 
-# If you want to allow self-reviews for add-ons/apps, then enable this.
-# In production we do not want to allow this.
-ALLOW_SELF_REVIEWS = True
-
 # Assuming you did `npm install` (and not `-g`) like you were supposed to, this
 # will be the path to the `lessc` executable.
 LESS_BIN = os.getenv('LESS_BIN', path('node_modules/less/bin/lessc'))
@@ -89,6 +84,7 @@ TASK_USER_ID = 10968
 # Set to True if we're allowed to use X-SENDFILE.
 XSENDFILE = False
 
+ALLOW_SELF_REVIEWS = True
 
 AES_KEYS = {
     'api_key:secret': os.path.join(
@@ -107,7 +103,7 @@ FXA_CONFIG = {
         'redirect_url': 'http://olympia.test/api/v3/accounts/authenticate/',
         'scope': 'profile',
     },
-    'internal': {
+    'amo': {
         'client_id': '0f95f6474c24c1dc',
         'client_secret':
             'ca45e503a1b4ec9e2a3d4855d79849e098da18b7dfe42b6bc76dfed420fc1d38',
@@ -129,7 +125,6 @@ FXA_CONFIG = {
         'scope': 'profile',
     },
 }
-FXA_CONFIG['amo'] = FXA_CONFIG['internal']
 ALLOWED_FXA_CONFIGS = ['default', 'amo', 'local']
 
 # CSP report endpoint which returns a 204 from addons-nginx in local dev.
@@ -137,7 +132,6 @@ CSP_REPORT_URI = '/csp-report'
 
 # Allow GA over http + www subdomain in local development.
 HTTP_GA_SRC = 'http://www.google-analytics.com'
-CSP_FRAME_SRC += ('https://www.sandbox.paypal.com',)
 CSP_IMG_SRC += (HTTP_GA_SRC,)
 CSP_SCRIPT_SRC += (HTTP_GA_SRC, "'self'")
 
@@ -146,10 +140,6 @@ INBOUND_EMAIL_SECRET_KEY = 'totally-unsecure-secret-string'
 # Validation key we need to send in POST response.
 INBOUND_EMAIL_VALIDATION_KEY = 'totally-unsecure-validation-string'
 
-# For the Github webhook API.
-GITHUB_API_USER = ''
-GITHUB_API_TOKEN = ''
-
 # If you have settings you want to overload, put them in a local_settings.py.
 try:
     from local_settings import *  # noqa

settings_test.py

@@ -2,7 +2,11 @@
 from settings import *  # noqa
 
 # Make sure the app needed to test translations is present.
-INSTALLED_APPS += TEST_INSTALLED_APPS
+INSTALLED_APPS += (
+    'olympia.translations.tests.testapp',
+)
+# Make sure the debug toolbar isn't used during the tests.
+INSTALLED_APPS = [app for app in INSTALLED_APPS if app != 'debug_toolbar']
 
 # See settings.py for documentation:
 IN_TEST_SUITE = True
@@ -47,11 +51,6 @@ CACHES = {
 # Overrides whatever storage you might have put in local settings.
 DEFAULT_FILE_STORAGE = 'olympia.amo.utils.LocalFileStorage'
 
-ALLOW_SELF_REVIEWS = True
-
-# Make sure the debug toolbar isn't used during the tests.
-INSTALLED_APPS = [app for app in INSTALLED_APPS if app != 'debug_toolbar']
-
 TASK_USER_ID = 1337
 
 # Make sure we have no replicas and only one shard to allow for impedent
@@ -59,9 +58,6 @@ TASK_USER_ID = 1337
 ES_DEFAULT_NUM_REPLICAS = 0
 ES_DEFAULT_NUM_SHARDS = 1
 
-# Ensure that exceptions aren't re-raised.
-DEBUG_PROPAGATE_EXCEPTIONS = False
-
 # Set to True if we're allowed to use X-SENDFILE.
 XSENDFILE = True
 

src/olympia/accounts/tests/test_views.py

@@ -51,7 +51,6 @@ SKIP_REDIRECT_FXA_CONFIG = {
 
 @override_settings(FXA_CONFIG={
     'default': FXA_CONFIG,
-    'internal': FXA_CONFIG,
     'skip': SKIP_REDIRECT_FXA_CONFIG,
 })
 class BaseAuthenticationView(APITestCase, PatchMixin,

src/olympia/conf/dev/settings.py

@@ -25,19 +25,12 @@ EMAIL_PORT = EMAIL_URL['EMAIL_PORT']
 EMAIL_BACKEND = EMAIL_URL['EMAIL_BACKEND']
 EMAIL_HOST_USER = EMAIL_URL['EMAIL_HOST_USER']
 EMAIL_HOST_PASSWORD = EMAIL_URL['EMAIL_HOST_PASSWORD']
-EMAIL_QA_ALLOW_LIST = env.list('EMAIL_QA_ALLOW_LIST')
-EMAIL_DENY_LIST = env.list('EMAIL_DENY_LIST')
 
 ENV = env('ENV')
-DEBUG = False
-DEBUG_PROPAGATE_EXCEPTIONS = False
-SESSION_COOKIE_SECURE = True
 RAISE_ON_SIGNAL_ERROR = True
 
 API_THROTTLE = False
 
-REDIRECT_SECRET_KEY = env('REDIRECT_SECRET_KEY')
-
 DOMAIN = env('DOMAIN', default='addons-dev.allizom.org')
 SERVER_EMAIL = 'zdev@addons.mozilla.org'
 SITE_URL = 'https://' + DOMAIN
@@ -48,12 +41,6 @@ MEDIA_URL = '%s/user-media/' % CDN_HOST
 
 SESSION_COOKIE_DOMAIN = ".%s" % DOMAIN
 
-# Filter IP addresses of allowed clients that can post email through the API.
-ALLOWED_CLIENTS_EMAIL_API = env.list('ALLOWED_CLIENTS_EMAIL_API', default=[])
-# Auth token required to authorize inbound email.
-INBOUND_EMAIL_SECRET_KEY = env('INBOUND_EMAIL_SECRET_KEY', default='')
-# Validation key we need to send in POST response.
-INBOUND_EMAIL_VALIDATION_KEY = env('INBOUND_EMAIL_VALIDATION_KEY', default='')
 # Domain emails should be sent to.
 INBOUND_EMAIL_DOMAIN = env('INBOUND_EMAIL_DOMAIN',
                            default='addons-dev.allizom.org')
@@ -108,17 +95,8 @@ CACHES['default']['TIMEOUT'] = 500
 CACHES['default']['BACKEND'] = 'caching.backends.memcached.MemcachedCache'
 CACHES['default']['KEY_PREFIX'] = CACHE_PREFIX
 
-SECRET_KEY = env('SECRET_KEY')
-
-LOG_LEVEL = logging.DEBUG
-
 # Celery
-CELERY_BROKER_URL = env('CELERY_BROKER_URL')
-
-CELERY_TASK_IGNORE_RESULT = True
-CELERY_WORKER_DISABLE_RATE_LIMITS = True
 CELERY_WORKER_PREFETCH_MULTIPLIER = 1
-CELERY_RESULT_BACKEND = env('CELERY_RESULT_BACKEND')
 
 LOGGING['loggers'].update({
     'amqp': {'level': logging.WARNING},
@@ -142,28 +120,13 @@ REDIS_BACKENDS = {
 
 CACHE_MACHINE_USE_REDIS = True
 
-# Old recaptcha V1
-RECAPTCHA_PUBLIC_KEY = env('RECAPTCHA_PUBLIC_KEY')
-RECAPTCHA_PRIVATE_KEY = env('RECAPTCHA_PRIVATE_KEY')
-# New Recaptcha V2
-NOBOT_RECAPTCHA_PUBLIC_KEY = env('NOBOT_RECAPTCHA_PUBLIC_KEY')
-NOBOT_RECAPTCHA_PRIVATE_KEY = env('NOBOT_RECAPTCHA_PRIVATE_KEY')
-
 csp = 'csp.middleware.CSPMiddleware'
 
-RESPONSYS_ID = env('RESPONSYS_ID')
-
 ES_TIMEOUT = 60
 ES_HOSTS = env('ES_HOSTS')
 ES_URLS = ['http://%s' % h for h in ES_HOSTS]
 ES_INDEXES = dict((k, '%s_%s' % (v, ENV)) for k, v in ES_INDEXES.items())
 
-STATSD_HOST = env('STATSD_HOST')
-STATSD_PREFIX = env('STATSD_PREFIX')
-
-GRAPHITE_HOST = env('GRAPHITE_HOST')
-GRAPHITE_PREFIX = env('GRAPHITE_PREFIX')
-
 CEF_PRODUCT = STATSD_PREFIX
 
 NEW_FEATURES = True
@@ -174,20 +137,12 @@ CLEANCSS_BIN = 'cleancss'
 UGLIFY_BIN = 'uglifyjs'
 ADDONS_LINTER_BIN = 'addons-linter'
 
-LESS_PREPROCESS = True
-
 XSENDFILE_HEADER = 'X-Accel-Redirect'
 
 ALLOW_SELF_REVIEWS = True
 
-GEOIP_URL = 'https://geo.services.mozilla.com'
-
-AES_KEYS = env.dict('AES_KEYS')
-
 PERSONA_DEFAULT_PAGES = 2
 
-SENTRY_DSN = env('SENTRY_DSN')
-
 AMO_LANGUAGES = AMO_LANGUAGES + DEBUG_LANGUAGES
 LANGUAGES = lazy(lazy_langs, dict)(AMO_LANGUAGES)
 LANGUAGE_URL_MAP = dict([(i.lower(), i) for i in AMO_LANGUAGES])
@@ -208,15 +163,6 @@ FXA_CONFIG = {
             'https://%s/api/v3/accounts/authenticate/' % DOMAIN,
         'scope': 'profile',
     },
-    'internal': {
-        'client_id': env('INTERNAL_FXA_CLIENT_ID'),
-        'client_secret': env('INTERNAL_FXA_CLIENT_SECRET'),
-        'content_host': 'https://stable.dev.lcip.org',
-        'oauth_host': 'https://oauth-stable.dev.lcip.org/v1',
-        'profile_host': 'https://stable.dev.lcip.org/profile/v1',
-        'redirect_url': 'https://addons-admin.dev.mozaws.net/fxa-authenticate',
-        'scope': 'profile',
-    },
     'amo': {
         'client_id': env('AMO_FXA_CLIENT_ID'),
         'client_secret': env('AMO_FXA_CLIENT_SECRET'),
@@ -238,7 +184,6 @@ FXA_CONFIG = {
     },
 }
 DEFAULT_FXA_CONFIG_NAME = 'default'
-INTERNAL_FXA_CONFIG_NAME = 'internal'
 ALLOWED_FXA_CONFIGS = ['default', 'amo', 'local']
 
 CORS_ENDPOINT_OVERRIDES = cors_endpoint_overrides(
@@ -252,15 +197,10 @@ CORS_ENDPOINT_OVERRIDES = cors_endpoint_overrides(
     ],
 )
 
-READ_ONLY = env.bool('READ_ONLY', default=False)
-
 RAVEN_DSN = (
     'https://5686e2a8f14446a3940c651c6a14dc73@sentry.prod.mozaws.net/75')
 RAVEN_ALLOW_LIST = ['addons-dev.allizom.org', 'addons-dev-cdn.allizom.org']
 
-GITHUB_API_USER = env('GITHUB_API_USER')
-GITHUB_API_TOKEN = env('GITHUB_API_TOKEN')
-
 FXA_SQS_AWS_QUEUE_URL = (
     'https://sqs.us-east-1.amazonaws.com/927034868273/'
     'amo-account-change-dev')

src/olympia/conf/prod/settings.py

@@ -12,20 +12,13 @@ EMAIL_PORT = EMAIL_URL['EMAIL_PORT']
 EMAIL_BACKEND = EMAIL_URL['EMAIL_BACKEND']
 EMAIL_HOST_USER = EMAIL_URL['EMAIL_HOST_USER']
 EMAIL_HOST_PASSWORD = EMAIL_URL['EMAIL_HOST_PASSWORD']
-EMAIL_QA_ALLOW_LIST = env.list('EMAIL_QA_ALLOW_LIST')
-EMAIL_DENY_LIST = env.list('EMAIL_DENY_LIST')
 
 SEND_REAL_EMAIL = True
 
 ENV = env('ENV')
-DEBUG = False
-DEBUG_PROPAGATE_EXCEPTIONS = False
-SESSION_COOKIE_SECURE = True
 
 API_THROTTLE = False
 
-REDIRECT_SECRET_KEY = env('REDIRECT_SECRET_KEY')
-
 CDN_HOST = 'https://addons.cdn.mozilla.net'
 DOMAIN = env('DOMAIN', default='addons.mozilla.org')
 SERVER_EMAIL = 'zprod@addons.mozilla.org'
@@ -37,12 +30,6 @@ MEDIA_URL = '%s/user-media/' % CDN_HOST
 
 SESSION_COOKIE_DOMAIN = ".%s" % DOMAIN
 
-# Filter IP addresses of allowed clients that can post email through the API.
-ALLOWED_CLIENTS_EMAIL_API = env.list('ALLOWED_CLIENTS_EMAIL_API', default=[])
-# Auth token required to authorize inbound email.
-INBOUND_EMAIL_SECRET_KEY = env('INBOUND_EMAIL_SECRET_KEY', default='')
-# Validation key we need to send in POST response.
-INBOUND_EMAIL_VALIDATION_KEY = env('INBOUND_EMAIL_VALIDATION_KEY', default='')
 # Domain emails should be sent to.
 INBOUND_EMAIL_DOMAIN = env('INBOUND_EMAIL_DOMAIN',
                            default='addons.mozilla.org')
@@ -97,18 +84,8 @@ CACHES['default']['TIMEOUT'] = 500
 CACHES['default']['BACKEND'] = 'caching.backends.memcached.MemcachedCache'
 CACHES['default']['KEY_PREFIX'] = CACHE_PREFIX
 
-SECRET_KEY = env('SECRET_KEY')
-
-
 # Celery
-CELERY_BROKER_URL = env('CELERY_BROKER_URL')
-
-CELERY_TASK_IGNORE_RESULT = True
-CELERY_WORKER_DISABLE_RATE_LIMITS = True
 CELERY_BROKER_CONNECTION_TIMEOUT = 0.5
-CELERY_RESULT_BACKEND = env('CELERY_RESULT_BACKEND')
-
-LOG_LEVEL = logging.DEBUG
 
 LOGGING['loggers'].update({
     'adi.updatecounts': {'level': logging.INFO},
@@ -133,25 +110,11 @@ REDIS_BACKENDS = {
 
 CACHE_MACHINE_USE_REDIS = True
 
-# Old recaptcha V1
-RECAPTCHA_PUBLIC_KEY = env('RECAPTCHA_PUBLIC_KEY')
-RECAPTCHA_PRIVATE_KEY = env('RECAPTCHA_PRIVATE_KEY')
-# New Recaptcha V2
-NOBOT_RECAPTCHA_PUBLIC_KEY = env('NOBOT_RECAPTCHA_PUBLIC_KEY')
-NOBOT_RECAPTCHA_PRIVATE_KEY = env('NOBOT_RECAPTCHA_PRIVATE_KEY')
-
-RESPONSYS_ID = env('RESPONSYS_ID')
-
 ES_TIMEOUT = 60
 ES_HOSTS = env('ES_HOSTS')
 ES_URLS = ['http://%s' % h for h in ES_HOSTS]
 ES_INDEXES = dict((k, '%s_%s' % (v, ENV)) for k, v in ES_INDEXES.items())
 
-STATSD_HOST = env('STATSD_HOST')
-STATSD_PREFIX = env('STATSD_PREFIX')
-
-GRAPHITE_HOST = env('GRAPHITE_HOST')
-GRAPHITE_PREFIX = env('GRAPHITE_PREFIX')
 
 CEF_PRODUCT = STATSD_PREFIX
 
@@ -161,16 +124,8 @@ CLEANCSS_BIN = 'cleancss'
 UGLIFY_BIN = 'uglifyjs'
 ADDONS_LINTER_BIN = 'addons-linter'
 
-LESS_PREPROCESS = True
-
 XSENDFILE_HEADER = 'X-Accel-Redirect'
 
-GEOIP_URL = 'https://geo.services.mozilla.com'
-
-AES_KEYS = env.dict('AES_KEYS')
-
-SENTRY_DSN = env('SENTRY_DSN')
-
 NEWRELIC_ENABLE = env.bool('NEWRELIC_ENABLE', default=False)
 
 if NEWRELIC_ENABLE:
@@ -187,16 +142,6 @@ FXA_CONFIG = {
             'https://%s/api/v3/accounts/authenticate/' % DOMAIN,
         'scope': 'profile',
     },
-    'internal': {
-        'client_id': env('INTERNAL_FXA_CLIENT_ID'),
-        'client_secret': env('INTERNAL_FXA_CLIENT_SECRET'),
-        'content_host': 'https://accounts.firefox.com',
-        'oauth_host': 'https://oauth.accounts.firefox.com/v1',
-        'profile_host': 'https://profile.accounts.firefox.com/v1',
-        'redirect_url':
-            'https://addons-admin.prod.mozaws.net/fxa-authenticate',
-        'scope': 'profile',
-    },
     'amo': {
         'client_id': env('AMO_FXA_CLIENT_ID'),
         'client_secret': env('AMO_FXA_CLIENT_SECRET'),
@@ -210,7 +155,6 @@ FXA_CONFIG = {
     },
 }
 DEFAULT_FXA_CONFIG_NAME = 'default'
-INTERNAL_FXA_CONFIG_NAME = 'internal'
 ALLOWED_FXA_CONFIGS = ['default', 'amo']
 
 CORS_ENDPOINT_OVERRIDES = cors_endpoint_overrides(
@@ -222,14 +166,10 @@ VALIDATOR_TIMEOUT = 360
 
 ES_DEFAULT_NUM_SHARDS = 10
 
-READ_ONLY = env.bool('READ_ONLY', default=False)
-
 RAVEN_DSN = (
     'https://8c1c5936578948a9a0614cbbafccf049@sentry.prod.mozaws.net/78')
 RAVEN_ALLOW_LIST = ['addons.mozilla.org', 'addons.cdn.mozilla.net']
 
-GITHUB_API_USER = env('GITHUB_API_USER')
-GITHUB_API_TOKEN = env('GITHUB_API_TOKEN')
 
 RECOMMENDATION_ENGINE_URL = env(
     'RECOMMENDATION_ENGINE_URL',

src/olympia/conf/stage/settings.py

@@ -24,18 +24,11 @@ EMAIL_PORT = EMAIL_URL['EMAIL_PORT']
 EMAIL_BACKEND = EMAIL_URL['EMAIL_BACKEND']
 EMAIL_HOST_USER = EMAIL_URL['EMAIL_HOST_USER']
 EMAIL_HOST_PASSWORD = EMAIL_URL['EMAIL_HOST_PASSWORD']
-EMAIL_QA_ALLOW_LIST = env.list('EMAIL_QA_ALLOW_LIST')
-EMAIL_DENY_LIST = env.list('EMAIL_DENY_LIST')
 
 ENV = env('ENV')
-DEBUG = False
-DEBUG_PROPAGATE_EXCEPTIONS = False
-SESSION_COOKIE_SECURE = True
 
 API_THROTTLE = False
 
-REDIRECT_SECRET_KEY = env('REDIRECT_SECRET_KEY')
-
 DOMAIN = env('DOMAIN', default='addons.allizom.org')
 SERVER_EMAIL = 'zstage@addons.mozilla.org'
 SITE_URL = 'https://' + DOMAIN
@@ -46,12 +39,6 @@ MEDIA_URL = '%s/user-media/' % CDN_HOST
 
 SESSION_COOKIE_DOMAIN = ".%s" % DOMAIN
 
-# Filter IP addresses of allowed clients that can post email through the API.
-ALLOWED_CLIENTS_EMAIL_API = env.list('ALLOWED_CLIENTS_EMAIL_API', default=[])
-# Auth token required to authorize inbound email.
-INBOUND_EMAIL_SECRET_KEY = env('INBOUND_EMAIL_SECRET_KEY', default='')
-# Validation key we need to send in POST response.
-INBOUND_EMAIL_VALIDATION_KEY = env('INBOUND_EMAIL_VALIDATION_KEY', default='')
 # Domain emails should be sent to.
 INBOUND_EMAIL_DOMAIN = env('INBOUND_EMAIL_DOMAIN',
                            default='addons.allizom.org')
@@ -106,17 +93,8 @@ CACHES['default']['TIMEOUT'] = 500
 CACHES['default']['BACKEND'] = 'caching.backends.memcached.MemcachedCache'
 CACHES['default']['KEY_PREFIX'] = CACHE_PREFIX
 
-SECRET_KEY = env('SECRET_KEY')
-
-LOG_LEVEL = logging.DEBUG
-
 # Celery
-CELERY_BROKER_URL = env('CELERY_BROKER_URL')
-
-CELERY_TASK_IGNORE_RESULT = True
-CELERY_WORKER_DISABLE_RATE_LIMITS = True
 CELERY_WORKER_PREFETCH_MULTIPLIER = 1
-CELERY_RESULT_BACKEND = env('CELERY_RESULT_BACKEND')
 
 LOGGING['loggers'].update({
     'z.task': {'level': logging.DEBUG},
@@ -136,28 +114,13 @@ REDIS_BACKENDS = {
 
 CACHE_MACHINE_USE_REDIS = True
 
-# Old recaptcha V1
-RECAPTCHA_PUBLIC_KEY = env('RECAPTCHA_PUBLIC_KEY')
-RECAPTCHA_PRIVATE_KEY = env('RECAPTCHA_PRIVATE_KEY')
-# New Recaptcha V2
-NOBOT_RECAPTCHA_PUBLIC_KEY = env('NOBOT_RECAPTCHA_PUBLIC_KEY')
-NOBOT_RECAPTCHA_PRIVATE_KEY = env('NOBOT_RECAPTCHA_PRIVATE_KEY')
-
 csp = 'csp.middleware.CSPMiddleware'
 
-RESPONSYS_ID = env('RESPONSYS_ID')
-
 ES_TIMEOUT = 60
 ES_HOSTS = env('ES_HOSTS')
 ES_URLS = ['http://%s' % h for h in ES_HOSTS]
 ES_INDEXES = dict((k, '%s_%s' % (v, ENV)) for k, v in ES_INDEXES.items())
 
-STATSD_HOST = env('STATSD_HOST')
-STATSD_PREFIX = env('STATSD_PREFIX')
-
-GRAPHITE_HOST = env('GRAPHITE_HOST')
-GRAPHITE_PREFIX = env('GRAPHITE_PREFIX')
-
 CEF_PRODUCT = STATSD_PREFIX
 
 NEW_FEATURES = True
@@ -168,20 +131,12 @@ CLEANCSS_BIN = 'cleancss'
 UGLIFY_BIN = 'uglifyjs'
 ADDONS_LINTER_BIN = 'addons-linter'
 
-LESS_PREPROCESS = True
-
 XSENDFILE_HEADER = 'X-Accel-Redirect'
 
 ALLOW_SELF_REVIEWS = True
 
-GEOIP_URL = 'https://geo.services.mozilla.com'
-
-AES_KEYS = env.dict('AES_KEYS')
-
 PERSONA_DEFAULT_PAGES = 5
 
-SENTRY_DSN = env('SENTRY_DSN')
-
 AMO_LANGUAGES = AMO_LANGUAGES + DEBUG_LANGUAGES
 LANGUAGES = lazy(lazy_langs, dict)(AMO_LANGUAGES)
 LANGUAGE_URL_MAP = dict([(i.lower(), i) for i in AMO_LANGUAGES])
@@ -202,16 +157,6 @@ FXA_CONFIG = {
             'https://%s/api/v3/accounts/authenticate/' % DOMAIN,
         'scope': 'profile',
     },
-    'internal': {
-        'client_id': env('INTERNAL_FXA_CLIENT_ID'),
-        'client_secret': env('INTERNAL_FXA_CLIENT_SECRET'),
-        'content_host': 'https://accounts.firefox.com',
-        'oauth_host': 'https://oauth.accounts.firefox.com/v1',
-        'profile_host': 'https://profile.accounts.firefox.com/v1',
-        'redirect_url':
-            'https://addons-admin.stage.mozaws.net/fxa-authenticate',
-        'scope': 'profile',
-    },
     'amo': {
         'client_id': env('AMO_FXA_CLIENT_ID'),
         'client_secret': env('AMO_FXA_CLIENT_SECRET'),
@@ -234,7 +179,6 @@ FXA_CONFIG = {
     },
 }
 DEFAULT_FXA_CONFIG_NAME = 'default'
-INTERNAL_FXA_CONFIG_NAME = 'internal'
 ALLOWED_FXA_CONFIGS = ['default', 'amo', 'local']
 
 CORS_ENDPOINT_OVERRIDES = cors_endpoint_overrides(
@@ -242,15 +186,10 @@ CORS_ENDPOINT_OVERRIDES = cors_endpoint_overrides(
     internal=['addons-admin.stage.mozaws.net'],
 )
 
-READ_ONLY = env.bool('READ_ONLY', default=False)
-
 RAVEN_DSN = (
     'https://e35602be5252460d97587478bcc642df@sentry.prod.mozaws.net/77')
 RAVEN_ALLOW_LIST = ['addons.allizom.org', 'addons-cdn.allizom.org']
 
-GITHUB_API_USER = env('GITHUB_API_USER')
-GITHUB_API_TOKEN = env('GITHUB_API_TOKEN')
-
 FXA_SQS_AWS_QUEUE_URL = (
     'https://sqs.us-east-1.amazonaws.com/142069644989/'
     'amo-account-change-stage')

src/olympia/lib/settings_base.py

@@ -56,8 +56,9 @@ def path(*folders):
 # It puts it in a dir called "workspace".  Way to be, hudson.
 ROOT_PACKAGE = os.path.basename(ROOT)
 
-DEBUG = True
-DEBUG_PROPAGATE_EXCEPTIONS = True
+DEBUG = False
+# Ensure that exceptions aren't re-raised.
+DEBUG_PROPAGATE_EXCEPTIONS = False
 SILENCED_SYSTEM_CHECKS = (
     # Recommendation to use OneToOneField instead of ForeignKey(unique=True)
     # but our translations are the way they are...
@@ -345,7 +346,9 @@ SUPPORTED_NONLOCALES = (
 )
 
 # Make this unique, and don't share it with anybody.
-SECRET_KEY = 'this-is-a-dummy-key-and-its-overridden-for-prod-servers'
+SECRET_KEY = env(
+    'SECRET_KEY',
+    default='this-is-a-dummy-key-and-its-overridden-for-prod-servers')
 
 # Templates
 JINJA_EXCLUDE_TEMPLATE_PATHS = (
@@ -541,13 +544,6 @@ INSTALLED_APPS = (
     'django_statsd',
 )
 
-# These apps are only needed in a testing environment. They are added to
-# INSTALLED_APPS by settings_test.py (which is itself loaded by setup.cfg by
-# pytest)
-TEST_INSTALLED_APPS = (
-    'olympia.translations.tests.testapp',
-)
-
 # Tells the extract script what files to look for l10n in and what function
 # handles the extraction. The puente library expects this.
 PUENTE = {
@@ -1038,7 +1034,7 @@ NEW_PERSONAS_UPDATE_URL = VAMO_URL + '/%(locale)s/themes/update-check/%(id)d'
 
 # Outgoing URL bouncer
 REDIRECT_URL = 'https://outgoing.prod.mozaws.net/v1/'
-REDIRECT_SECRET_KEY = ''
+REDIRECT_SECRET_KEY = env('REDIRECT_SECRET_KEY', default='')
 
 # Allow URLs from these servers. Use full domain names.
 REDIRECT_URL_ALLOW_LIST = ['addons.mozilla.org']
@@ -1072,13 +1068,10 @@ DEFAULT_FROM_EMAIL = ADDONS_EMAIL
 # Email goes to the console by default.  s/console/smtp/ for regular delivery
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 
-# Please use all lowercase for the deny_list.
-EMAIL_DENY_LIST = (
-    'nobody@mozilla.org',
-)
-
 # Please use all lowercase for the QA allow list.
-EMAIL_QA_ALLOW_LIST = ()
+EMAIL_QA_ALLOW_LIST = env.list('EMAIL_QA_ALLOW_LIST', default=())
+# Please use all lowercase for the deny_list.
+EMAIL_DENY_LIST = env.list('EMAIL_DENY_LIST', default=('nobody@mozilla.org',))
 
 # URL for Add-on Validation FAQ.
 VALIDATION_FAQ_URL = ('https://wiki.mozilla.org/Add-ons/Reviewers/Guide/'
@@ -1086,18 +1079,23 @@ VALIDATION_FAQ_URL = ('https://wiki.mozilla.org/Add-ons/Reviewers/Guide/'
 
 
 # Celery
-CELERY_BROKER_URL = os.environ.get(
+CELERY_BROKER_URL = env(
     'CELERY_BROKER_URL',
-    'amqp://olympia:olympia@localhost:5672/olympia')
+    default=os.environ.get(
+        'CELERY_BROKER_URL', 'amqp://olympia:olympia@localhost:5672/olympia'))
 CELERY_BROKER_CONNECTION_TIMEOUT = 0.1
 CELERY_BROKER_HEARTBEAT = 60 * 15
 CELERY_TASK_DEFAULT_QUEUE = 'default'
-CELERY_RESULT_BACKEND = os.environ.get(
-    'CELERY_RESULT_BACKEND', 'redis://localhost:6379/1')
+CELERY_RESULT_BACKEND = env(
+    'CELERY_RESULT_BACKEND',
+    default=os.environ.get(
+        'CELERY_RESULT_BACKEND', 'redis://localhost:6379/1'))
 
 CELERY_TASK_IGNORE_RESULT = True
 CELERY_SEND_TASK_ERROR_EMAILS = True
 CELERY_WORKER_HIJACK_ROOT_LOGGER = False
+# Testing responsiveness without rate limits.
+CELERY_WORKER_DISABLE_RATE_LIMITS = True
 
 # Continue serializing in pickle but also accept new JSON format
 # for forwards and backwards compatibility.
@@ -1402,7 +1400,7 @@ CSP_STYLE_SRC = (
 ENGAGE_ROBOTS = True
 
 # Read-only mode setup.
-READ_ONLY = False
+READ_ONLY = env.bool('READ_ONLY', default=False)
 
 
 # Turn on read-only mode in local_settings.py by putting this line
@@ -1437,8 +1435,12 @@ MAX_REVIEW_ATTACHMENT_UPLOAD_SIZE = 5 * 1024 * 1024
 
 # RECAPTCHA: overload the following key settings in local_settings.py
 # with your keys.
-NOBOT_RECAPTCHA_PUBLIC_KEY = ''
-NOBOT_RECAPTCHA_PRIVATE_KEY = ''
+# Old recaptcha V1
+RECAPTCHA_PUBLIC_KEY = env('RECAPTCHA_PUBLIC_KEY', default='')
+RECAPTCHA_PRIVATE_KEY = env('RECAPTCHA_PRIVATE_KEY', default='')
+# New Recaptcha V2
+NOBOT_RECAPTCHA_PUBLIC_KEY = env('NOBOT_RECAPTCHA_PUBLIC_KEY', default='')
+NOBOT_RECAPTCHA_PRIVATE_KEY = env('NOBOT_RECAPTCHA_PRIVATE_KEY', default='')
 
 # Send Django signals asynchronously on a background thread.
 ASYNC_SIGNALS = True
@@ -1479,6 +1481,8 @@ REDIS_BACKENDS = {
     'master': get_redis_settings(REDIS_LOCATION)
 }
 
+RESPONSYS_ID = env('RESPONSYS_ID', default=None)
+
 # Number of seconds before celery tasks will abort addon validation:
 VALIDATOR_TIMEOUT = 110
 
@@ -1541,16 +1545,16 @@ TASK_USER_ID = 4757633
 # use a fake email backend.
 SEND_REAL_EMAIL = False
 
-STATSD_HOST = 'localhost'
+STATSD_HOST = env('STATSD_HOST', default='localhost')
+STATSD_PREFIX = env('STATSD_PREFIX', default='amo')
 STATSD_PORT = 8125
-STATSD_PREFIX = 'amo'
 
 # The django statsd client to use, see django-statsd for more.
 STATSD_CLIENT = 'django_statsd.clients.normal'
 
-GRAPHITE_HOST = 'localhost'
+GRAPHITE_HOST = env('GRAPHITE_HOST', default='localhost')
+GRAPHITE_PREFIX = env('GRAPHITE_PREFIX', default='amo')
 GRAPHITE_PORT = 2003
-GRAPHITE_PREFIX = 'amo'
 GRAPHITE_TIMEOUT = 1
 
 # IP addresses of servers we use as proxies.
@@ -1564,9 +1568,6 @@ LOGIN_RATELIMIT_ALL_USERS = '15/m'
 
 CSRF_FAILURE_VIEW = 'olympia.amo.views.csrf_failure'
 
-# Testing responsiveness without rate limits.
-CELERY_WORKER_DISABLE_RATE_LIMITS = True
-
 # Default file storage mechanism that holds media.
 DEFAULT_FILE_STORAGE = 'olympia.amo.utils.LocalFileStorage'
 
@@ -1629,10 +1630,6 @@ LANGPACK_MAX_SIZE = 5 * 1024 * 1024  # 5MB should be more than enough
 # This saves us when we upgrade jingo-minify (jsocol/jingo-minify@916b054c).
 JINGO_MINIFY_USE_STATIC = True
 
-# Whitelist IP addresses of the allowed clients that can post email
-# through the API.
-ALLOWED_CLIENTS_EMAIL_API = []
-
 # Allow URL style format override. eg. "?format=json"
 URL_FORMAT_OVERRIDE = 'format'
 
@@ -1669,9 +1666,8 @@ GUARDED_ADDONS_PATH = ROOT + '/guarded-addons'
 
 # These are key files that must be present on disk to encrypt/decrypt certain
 # database fields.
-AES_KEYS = {
-    # 'api_key:secret': os.path.join(ROOT, 'path', 'to', 'file.key'),
-}
+# {'api_key:secret': os.path.join(ROOT, 'path', 'to', 'file.key'),}
+AES_KEYS = env.dict('AES_KEYS', default={})
 
 # Time in seconds for how long a JWT auth token created by developers with
 # their API key can live. When developers are creating auth tokens they cannot
@@ -1733,9 +1729,8 @@ REST_FRAMEWORK = {
     'ORDERING_PARAM': 'sort',
 }
 
-# This is the DSN to the local Sentry service. It might be overridden in
-# site-specific settings files as well.
-SENTRY_DSN = os.environ.get('SENTRY_DSN')
+# This is the DSN to the Sentry service.
+SENTRY_DSN = env('SENTRY_DSN', default=os.environ.get('SENTRY_DSN'))
 
 # Automatically do 'from olympia import amo' when running shell_plus.
 SHELL_PLUS_POST_IMPORTS = (
@@ -1743,7 +1738,6 @@ SHELL_PLUS_POST_IMPORTS = (
 )
 
 DEFAULT_FXA_CONFIG_NAME = 'default'
-INTERNAL_FXA_CONFIG_NAME = 'internal'
 ALLOWED_FXA_CONFIGS = ['default']
 
 WEBEXT_PERM_DESCRIPTIONS_URL = (
@@ -1806,3 +1800,7 @@ FXA_SQS_AWS_QUEUE_URL = (
 FXA_SQS_AWS_WAIT_TIME = 20  # Seconds.
 
 AWS_STATS_S3_BUCKET = env('AWS_STATS_S3_BUCKET', default=None)
+
+# For the Github webhook API.
+GITHUB_API_USER = env('GITHUB_API_USER', default='')
+GITHUB_API_TOKEN = env('GITHUB_API_TOKEN', default='')