From 81d019acb675ada89279346bb55f0ace8308050f Mon Sep 17 00:00:00 2001 From: takunomi-build-bot Date: Tue, 16 Jul 2024 22:15:42 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=A4=96=20Repository=20layout=20updated=20?= =?UTF-8?q?to=20latest=20version?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit was automatically generated by a script: https://gitfub.space/Jmaa/python-omni --- LICENSE | 20 +++++++++++++++++++- README.md | 46 ++++++++++++++++++++++++++++++++-------------- setup.py | 50 +++++++++++++++++++++++++++++++++----------------- 3 files changed, 84 insertions(+), 32 deletions(-) diff --git a/LICENSE b/LICENSE index 6a69d01..67061b0 100644 --- a/LICENSE +++ b/LICENSE @@ -1,3 +1,21 @@ +MIT License + Copyright (c) 2024 Jon Michael Aanes -All rights reserved. +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index 39371f1..079bf1b 100644 --- a/README.md +++ b/README.md 
@@ -16,6 +16,7 @@ db_username = secrets.load_or_fail('DATABASE_USERNAME') db_password = secrets.load_or_fail('DATABASE_PASSWORD') ``` + Secret loading order: 0. Hardcoded values. **This is purely for debugging, prototyping, and for 
@@ -27,33 +28,50 @@ Secret loading order: usage; very unsuited for server environments. Requires `pass` installed locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above methods. -4. Vault instance if configured. Suited for production environments. +4. Vault instance if configured. Suited for production environments. **NOTE: + This is barely supported.** Requires `hvac` python package. -## TODO +## Future extensions +- [ ] Key casing should be more consistent + * Case-insensitive for hardcoded and `load`. + * Upper case for environment variables. + * Lower case for files and others. +- [ ] New special configuration value for switching the `secrets` directory. +- [ ] Wrap secrets in intelligent strings: + * [ ] Instead of returning `None` on unloaded, return `UnknownSecret`, that produce error when formatted. + * [ ] `repr(secret)` should not include contents, but only the secret and how it was loaded. + * [ ] Methods on `Secret` should be kept minimal. - [ ] Avoid leakage to swap files. * Possibly Mlock? [Does not seem to work](https://stackoverflow.com/questions/29524020/prevent-ram-from-paging-to-swap-area-mlock) * Alternatively use [mmap](https://docs.python.org/3/library/mmap.html) and [memoryview](https://stackoverflow.com/questions/18655648/what-exactly-is-the-point-of-memoryview-in-python)?§ -- [ ] Wrap secrets in intelligent strings: - * Instead of returning None on unloaded, return UnknownSecret, that produce - error when formatted. - * `repr(secret)` should not include contents, but only the secret and how - it was loaded. - * Methods on `Secret` should be kept minimal. - [ ] Vault: * [ ] Ensure vault code path works. * [ ] Document usage and requirements. -## License - -Copyright 2024 Jon Michael Aanes. -All rights reserved. - # License ``` +MIT License + Copyright (c) 2024 Jon Michael Aanes -All rights reserved. 
+Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. ``` diff --git a/setup.py b/setup.py index c51b896..fda9aeb 100644 --- a/setup.py +++ b/setup.py @@ -25,6 +25,7 @@ db_username = secrets.load_or_fail('DATABASE_USERNAME') db_password = secrets.load_or_fail('DATABASE_PASSWORD') ``` + Secret loading order: 0. Hardcoded values. **This is purely for debugging, prototyping, and for 
@@ -36,40 +37,55 @@ Secret loading order: usage; very unsuited for server environments. Requires `pass` installed locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above methods. -4. Vault instance if configured. Suited for production environments. +4. Vault instance if configured. Suited for production environments. **NOTE: + This is barely supported.** Requires `hvac` python package. -## TODO +## Future extensions +- [ ] Key casing should be more consistent + * Case-insensitive for hardcoded and `load`. + * Upper case for environment variables. + * Lower case for files and others. +- [ ] New special configuration value for switching the `secrets` directory. +- [ ] Wrap secrets in intelligent strings: + * [ ] Instead of returning `None` on unloaded, return `UnknownSecret`, that produce error when formatted. + * [ ] `repr(secret)` should not include contents, but only the secret and how it was loaded. + * [ ] Methods on `Secret` should be kept minimal. - [ ] Avoid leakage to swap files. * Possibly Mlock? [Does not seem to work](https://stackoverflow.com/questions/29524020/prevent-ram-from-paging-to-swap-area-mlock) * Alternatively use [mmap](https://docs.python.org/3/library/mmap.html) and [memoryview](https://stackoverflow.com/questions/18655648/what-exactly-is-the-point-of-memoryview-in-python)?§ -- [ ] Wrap secrets in intelligent strings: - * Instead of returning None on unloaded, return UnknownSecret, that produce - error when formatted. - * `repr(secret)` should not include contents, but only the secret and how - it was loaded. - * Methods on `Secret` should be kept minimal. - [ ] Vault: * [ ] Ensure vault code path works. * [ ] Document usage and requirements. -## License - -Copyright 2024 Jon Michael Aanes. -All rights reserved. - # License ``` +MIT License + Copyright (c) 2024 Jon Michael Aanes -All rights reserved. 
+Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. ```""" -PACKAGE_DESCRIPTION_SHORT = ( - 'System for loading secrets from a variety of sources.' -) +PACKAGE_DESCRIPTION_SHORT = 'System for loading secrets from a variety of sources.' def parse_version_file(text: str) -> str:
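Review bot: Item 4 of the "Secret loading order" list in the embedded package description now calls the Vault backend both "Suited for production environments" and "barely supported", while the "Ensure vault code path works" checkbox further down is still open. A reader choosing a backend for a server deployment gets conflicting guidance, so I would drop the production recommendation until that path is verified, e.g. `4. Vault instance if configured. **Experimental: the Vault code path is not yet verified.** Requires the hvac python package.` The hunk states the `hvac` requirement only in prose, and the `setup()` call lies outside the hunk, so please confirm it is declared as an optional dependency so that a missing install fails clearly rather than falling through to another source. The same wording appears in the README.md hunk at `@@ -27,33 +28,50 @@` and should change with it.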