From 37721ed215c684383771ddf51bf2f93b4599ce92 Mon Sep 17 00:00:00 2001
From: Jon Michael Aanes
Date: Mon, 8 Jul 2024 00:00:50 +0200
Subject: [PATCH] There is little reason to differentiate between hardcoded values and configuration
---
 secret_loader/__init__.py | 24 +++++++++++++++---------
 test/test_init.py | 5 +++--
 2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/secret_loader/__init__.py b/secret_loader/__init__.py
index 6ace620..bc96c98 100644
--- a/secret_loader/__init__.py
+++ b/secret_loader/__init__.py
@@ -14,7 +14,8 @@ db_password = secrets.load_or_fail('DATABASE_PASSWORD')
 Secret loading order:
-0. Hardcoded values. **This is purely for debugging and prototyping.**
+0. Hardcoded values. **This is purely for debugging, prototyping, and for
+ configuring below options.**
 1. Files pointed to by environment variables. Docker friendly.
 2. Secrets folder. Also Docker friendly.
 3. [Pass: the standard unix password
@@ -38,6 +39,8 @@ try:
 except ImportError:
 hvac = None
+ENV_KEY_PREFIX = 'ENV_KEY_PREFIX'
+
 ENV_KEY_VAULT_URL = 'VAULT_URL'
 ENV_KEY_VAULT_TOKEN = 'VAULT_TOKEN'
 ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT'
@@ -51,17 +54,20 @@ class SecretLoader:
 See module documentation for usage.
 """
- def __init__(self, env_key_prefix: str, hardcoded: dict[str, str] | None = None):
- assert not env_key_prefix.endswith('_'), 'Prefix must not end with _ (this will be added automatically)'
- self.env_key_prefix = env_key_prefix
- self.hardcoded: dict[str, str] = hardcoded if hardcoded is not None else {}
+ def __init__(self, **hardcoded: str):
+ # Basic setup, containing only hardcoded.
+ self.hardcoded: dict[str, str] = hardcoded
 self.pass_folder = None
 self.vault_client = None
+ self.env_key_prefix = None
+
+ # Setup environment
+ self.env_key_prefix = self._load_or_none(ENV_KEY_PREFIX)
+ if self.env_key_prefix is not None:
+ assert not self.env_key_prefix.endswith('_'), 'Prefix must not end with _ (this will be added automatically)'
 # Setup pass
- if pass_folder := self._load_or_none(ENV_KEY_PASS_FOLDER):
- self.pass_folder = pass_folder
- del pass_folder
+ self.pass_folder = self._load_or_none(ENV_KEY_PASS_FOLDER)
 # Setup vault
 if hvac:
@@ -103,7 +109,7 @@ class SecretLoader:
 try:
 with open(filepath) as f:
 return f.read().strip()
- except Exception:
+ except FileNotFoundError:
 return None
 def _load_or_none_local_password_store(self, env_key: str) -> str | None:
diff --git a/test/test_init.py b/test/test_init.py
index e207ff2..39240d1 100644
--- a/test/test_init.py
+++ b/test/test_init.py
@@ -2,9 +2,10 @@ import secret_loader
 def test_init():
- loader = secret_loader.SecretLoader('TEST', hardcoded={'KEY': 'VALUE'})
+ loader = secret_loader.SecretLoader(ENV_KEY_PREFIX = 'TEST', KEY = 'VALUE')
+ assert loader.load('ENV_KEY_PREFIX') == 'TEST'
 assert loader.load('KEY') == 'VALUE'
 def test_lookup_unknown():
- loader = secret_loader.SecretLoader('TEST', hardcoded={})
+ loader = secret_loader.SecretLoader()
 assert loader.load('UNKNOWN') is None
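Review bot: In `SecretLoader.__init__` the trailing-underscore check on the prefix is still an `assert`, but the prefix now comes from `self._load_or_none(ENV_KEY_PREFIX)` instead of a caller argument, and asserts are removed under `python -O`, so the validation can vanish just where the value became configuration. An explicit raise keeps it: `if self.env_key_prefix is not None and self.env_key_prefix.endswith('_'): raise ValueError('Prefix must not end with _ (this will be added automatically)')`, which changes the exception type from `AssertionError`. That lookup also runs while `self.env_key_prefix` is still `None`; `_load_or_none` lies outside the hunk, so it is worth confirming that it skips or handles a `None` prefix rather than building it into an environment variable name. Separately, the old walrus form ignored an empty `ENV_KEY_PASS_FOLDER` value, whereas `self.pass_folder = self._load_or_none(ENV_KEY_PASS_FOLDER)` now stores `''`; if later code tests `is not None`, an empty setting would enable the pass backend with an empty path.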
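Review bot: Narrowing `except Exception:` to `except FileNotFoundError:` in the file-reading helper means every other failure of `open(filepath)` or `f.read()` now propagates to the caller (`PermissionError`, `IsADirectoryError`, `NotADirectoryError`, `UnicodeDecodeError`), where it used to fall through to the next secret source. Failing loudly on an unreadable secret file is arguably the safer behaviour, since it avoids silently resolving the secret from a lower-priority source, but the intent should be written down, for example `# Only a missing file means "not configured here"; unreadable or malformed files are errors and propagate.` above the handler. If a path whose parent is not a directory should also count as missing, the handler would be `except (FileNotFoundError, NotADirectoryError):`. The enclosing method starts above the hunk, so how `filepath` is built is not visible here.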
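Review bot: The updated tests in `test/test_init.py` do not cover the validation that moved into `__init__`: nothing constructs a loader with a prefix ending in `_`, so that check could be dropped without a test failing. A case such as `with pytest.raises(AssertionError): secret_loader.SecretLoader(ENV_KEY_PREFIX='TEST_')` would pin the current behaviour (it needs `import pytest`, which the hunk does not show). `test_lookup_unknown` now builds `SecretLoader()` with no prefix, and since the constructor reads its settings through `_load_or_none`, the outcome presumably depends on the environment the tests run in; clearing the relevant variables inside the test would make it deterministic. As a style point, keyword arguments are conventionally written without spaces around `=`, i.e. `SecretLoader(ENV_KEY_PREFIX='TEST', KEY='VALUE')`.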