Config sections are overwritten if values come from multiple sources

[danny-burrows]

I found a (potential) bug that causes entire configuration sections to be overwritten by higher-priority config sources if a subset of config values is set. Issue is cased by calling .update() on the dictionaries in the following lines:

quetz/quetz/config.py

Lines 278 to 298 in 56ab2cf

	def init(self, path: str) -> None:
	"""Load configurations from various places.
	Order of importance for configuration is:
	host < user profile < deployment < configuration file from env var < value from
	env var
	Parameters
	----------
	deployment_config : str, optional
	The configuration stored at deployment level
	"""
	self.config: Dict[str, Any] = {}
	# only try to get config from config file if it exists.
	if path:
	self.config.update(self._read_config(path))
	self.config.update(self._get_environ_config())
	self._trigger_update_config()

The fix is to recursively merge the dictionaries instead, favouring values from higher-priority sources such as environment variables.

Minimal Example

For example, if client_id is supplied in <QUETZ-DEPLOYMENT>/config.toml in a section as so:

[github]
client_id = "ABC"

If we pass something like QUETZ_GITHUB_CLIENT_SECRET='abc' through the environment, the entire [github] config section will be overwritten with only the client secret from the environment.

Expected behaviour

I would expect these two values to be merged, this makes sense at least for this use case as specifying secrets through the environment is a common and secure practise.