Implemented hardcoded

2024-06-12 23:36:21 +02:00 · 2024-06-12 23:36:21 +02:00 · 66f82967b0
commit 66f82967b0
parent a2b1551d4b
2 changed files with 20 additions and 13 deletions
--- a/secret_loader/index.py
+++ b/secret_loader/index.py
@ -1,5 +1,6 @@
 import logging
 import os
+from frozendict import frozendict

 logger = logging.getLogger(__name__)
 logger.setLevel(logging.INFO)
@ -9,33 +10,39 @@ try:
 except ImportError:
    hvac = None

+ENV_KEY_VAULT_URL = 'VAULT_URL'
+ENV_KEY_VAULT_TOKEN = 'VAULT_TOKEN'
+ENV_KEY_VAULT_MOUNT_POINT = 'VAULT_MOUNT_POINT'
+
 class SecretLoader:
-    '''
+    """
    Priority order:

-    1. Files pointed to by environment variables
-    2. Secrets folder
-    3. Vault instance if configured
-    '''
+    0. Hardcoded values. This is purely for prototyping.
+    1. Files pointed to by environment variables.
+    2. Secrets folder.
+    3. Vault instance if configured. Most suited for production environments.
+    """

-    def __init__(self, env_key_prefix: str):
+    def __init__(self, env_key_prefix: str, hardcoded: dict[str,str] | None = None):
        assert not env_key_prefix.endswith('_')
        self.env_key_prefix = env_key_prefix

+        self.hardcoded: dict[str,str] = hardcoded if hardcoded is not None else {}

        # Setup vault
        self.vault_client = None
        if hvac:
            self.vault_client = hvac.Client(
-                    url=self._load_or_none('VAULT_URL'),
-                    token=self._load_or_none('VAULT_TOKEN'),
+                    url=self._load_or_none(ENV_KEY_VAULT_URL),
+                    token=self._load_or_none(ENV_KEY_VAULT_TOKEN),
+                    vault_mount_point=self._load_or_none(ENV_KEY_VAULT_MOUNT_POINT),
            )
-            self.vault_mount_point=self._load_or_none('VAULT_MOUNT_POINT')

    def load_or_fail(self, env_key: str) -> str:
        value = self._load_or_none(env_key)
        if value is None:
-            msg = 'Could not load secret {}'.format(env_key)
+            msg = f'Could not load secret {env_key}'
            raise Exception(msg)
        logger.info('Loaded secret: %s', env_key)
        return value
@ -48,7 +55,7 @@ class SecretLoader:
        return value

    def _load_or_none(self, env_key: str) -> str | None:
-        return self._load_or_none(env_key)
+        return self.hardcoded.get(env_key) or self._load_or_none_path_or_file(env_key) or self._load_or_none_vault(env_key)

    def _load_or_none_path_or_file(self, env_key: str) -> str | None:
        # 1. & 2.
--- a/test/test_init.py
+++ b/test/test_init.py
@ -2,5 +2,5 @@
 import secret_loader

 def test_init():
-    secret_loader.SecretLoader('TEST')
-
+    loader = secret_loader.SecretLoader('TEST', hardcoded = {'KEY': 'VALUE'})
+    assert loader.load('KEY') == 'VALUE'