Removed proxy variable feature. (#60)

[mrogaski]

Expanding variables automatically on a read is an anti-pattern.
Variable expansion by the shell should only be done when the
value is inserted into the environment, but the vlaue should be
treated as opaque data. Any processing or interpretation of the
variable should be done by the appliaction, not by the access
method.

[coveralls]

Coverage decreased (-0.09%) to 88.342% when pulling d5afbb2 on mrogaski:bugfix/60_proxy_var into 628ed38 on joke2k:develop.

[nwjlyons]

FYI I added a way to make this optional #145

[mrogaski]

Interpolation of environment variables on read is a very risky behavior. Even if there's a valid use case for it (which is debatable), it should be disabled by default.

[joke2k]

Thank you

A lot of people use the proxy values, so we can't remove without a lot of issues of backports.
But I understand your point.
We should use the quoting to catch or not the proxy value, for example:

# .end file:
# FOO="$BRIAN"
# BAR='$BRIAN'
# ZAP=$BRIAN
# BRIAN=brian

# if quoted the proxy is not evaluated
>>> print env('FOO'), env('BAR')
('$BRIAN', '$BRIAN')
>>> print env('ZAP')
brian

To do that we should edit read_env() method adding a dict that records if a variable is quoted or not.
Then in get_value() we can check if this variable is not quoted and finally apply the proxy solution.

See #145

[mrogaski]

This is a reasonable approach. Thank you.

[fdemmer]

another aspect of this, that i'd consider broken with proxy variables are default values and that would not be improved with the suggested approach. consider the following test:

self.assertEqual('$@u#c4w=%k', self.env('not_present', default='$@u#c4w=%k'))

here the environment variable not_present does not exist and the default value happens to start with a $. this is assumed to be a "proxy variable" and looked up (using the same value as default again), which leads to an infinite recursion.

came across this issue when using django's get_random_secret_key() for a safe default:

SECRET_KEY = env.str('SECRET_KEY', default=get_random_secret_key())

it seems to me like a feature, that does more harm, than good and should be explicitly enabled; would suggest a semantic major version update with breaking change.

[mrogaski]

@fdemmer The SECRET_KEY example is what got me looking at this in the first place. ;)

[kov]

I just got hit by this and was very confused. The secret key that got generated for me started with a $. Took me a while to figure it out because I had not yet read about proxy variables on the docs. And I am now a little more confused about the state of this issue, since both this and #145 are both still open I assume the only fix for my case is to change my SECRET_KEY? This may be fine for new setups but may make it impossible for me to deploy django-environ on some projects where variables will necessarily have values starting with $...

[sergeyklay]

PR was closed by mistake. I can't reopen it since the repository that submitted this PR has been deleted. I'll review this PR and give feedback soon.