From c3ba2b4a274ebea51e2f4fe905039e8dc77c7c19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Krop=C3=A1=C4=8Dek?=
Date: Tue, 23 Jul 2024 17:13:11 +0200
Subject: [PATCH] WiP reworking bw2secrets
---
 scripts/bw2secrets | 66 ++++++++++++++++++--------
 services/immich/.env.template | 4 +-
 services/joplin/.env.template | 4 +-
 services/photoprism/.env_file.template | 2 +-
 4 files changed, 52 insertions(+), 24 deletions(-)
diff --git a/scripts/bw2secrets b/scripts/bw2secrets
index 4e85d52..c6cefc8 100755
--- a/scripts/bw2secrets
+++ b/scripts/bw2secrets
@@ -4,11 +4,47 @@ import getpass
 import shutil
 import subprocess as sp
 from pathlib import Path
+from typing import Literal
 import jinja2
 bitwarden_session = None
+TemplateEnvType = Literal["password", "username"]
+
+
+def fetch_secret(bw_path: Path, secret_id: str, object_type: str = "password") -> str:
+ global bitwarden_session
+ res = sp.run(
+ [bw_path, "get", object_type, secret_id, "--session", bitwarden_session],
+ capture_output=True,
+ text=True,
+ )
+ res.check_returncode()
+ return res.stdout
+
+
+class TemplateEnv:
+ bw_path: Path
+ env_type: TemplateEnvType
+ cached_items: dict[str, str]
+
+ def __init__(self, _type: TemplateEnvType, bw_path: Path):
+ self.env_type = _type
+ self.bw_path = bw_path
+ self.cached_items = dict()
+
+ def __getitem__(self, item):
+ print(f"{self.env_type} {self.cached_items}")
+ if cached_item := self.cached_items.get(item):
+ return cached_item
+ self.cached_items[item] = fetch_secret(
+ self.bw_path,
+ item,
+ self.env_type,
+ )
+ return self.cached_items[item]
+
 def _add_args(parser: argparse.ArgumentParser):
 parser.add_argument(
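Review bot: The `print(f"{self.env_type} {self.cached_items}")` line in `TemplateEnv.__getitem__` writes every secret fetched so far to stdout on each lookup, so passwords end up in terminal scrollback or any captured job log; drop it, or log only the requested id, e.g. `print(f"{self.env_type} {item}")`. The cache test `if cached_item := self.cached_items.get(item)` also treats an empty value as a miss and re-runs `bw`; `if item in self.cached_items: return self.cached_items[item]` avoids that. In `fetch_secret`, passing the session key as `--session` on the command line makes it visible in the process list while `bw` runs; the Bitwarden CLI also reads it from the `BW_SESSION` environment variable, which could be supplied through `env=` on `sp.run`.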
@@ -52,37 +88,29 @@ def sync_bw_session(bw_path: Path):
 def find_templates(base_dirs: set[Path]) -> set[Path]:
 env_templates: set[Path] = set()
 for path in base_dirs:
- for env_template in path.glob(f"{path}/**/*.template"):
+ for env_template in path.glob("**/*.template"):
 env_templates.add(env_template)
 return env_templates
-def fetch_secret(bw_path: Path, secret_id: str) -> str:
- global bitwarden_session
- res = sp.run(
- [bw_path, "get", "password", secret_id, "--session", bitwarden_session],
- capture_output=True,
- text=True,
- )
- res.check_returncode()
- return res.stdout
-
-
-def secret_filter(bw_path: Path, secret_id: str) -> str:
- return fetch_secret(bw_path, secret_id)
+# def secret_filter(bw_path: Path, secret_id: str) -> str:
+# return fetch_secret(bw_path, secret_id)
 def compile_file(file_path: Path, bw_path: Path):
 jinja_env = jinja2.Environment(
 loader=jinja2.FileSystemLoader(file_path.parent),
 )
- jinja_env.filters['secret'] = lambda secret_id: secret_filter(
- bw_path, secret_id,
- )
-
+ username = TemplateEnv("username", bw_path)
+ password = TemplateEnv("password", bw_path)
 template = jinja_env.get_template(file_path.name)
- rendered_template = template.render()
+ rendered_template = template.render(
+ dict(
+ username=username,
+ password=password,
+ ),
+ )
 file_path.with_name(
 file_path.name.replace(
 ".template", "",
diff --git a/services/immich/.env.template b/services/immich/.env.template
index 6b35e80..f33b478 100644
--- a/services/immich/.env.template
+++ b/services/immich/.env.template
@@ -1,8 +1,8 @@
 UPLOAD_LOCATION=/mnt/data/immich
-DB_PASSWORD={{ 'fc4c389b-f598-4f42-940b-eaeabecd8359' | secret }}
+DB_PASSWORD={{ password['fc4c389b-f598-4f42-940b-eaeabecd8359'] }}
 DB_HOSTNAME=database
-DB_USERNAME=immich
+DB_USERNAME={{ username['fc4c389b-f598-4f42-940b-eaeabecd8359'] }}
 DB_DATABASE_NAME=immich
 REDIS_HOSTNAME=redis
diff --git a/services/joplin/.env.template b/services/joplin/.env.template
index 590285f..c52b557 100644
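Review bot: The commented-out `secret_filter` stub left above `compile_file` is dead code and should be deleted rather than kept as a comment, since the `secret` filter is no longer registered and version control already holds the old definition. `compile_file` continues past the end of this hunk, so the write of the rendered file is not visible here; because that file now carries usernames as well as passwords in plaintext, it is worth confirming the output is created with owner-only permissions (for example a `.chmod(0o600)` on the target path) and is excluded from version control. Creating two fresh `TemplateEnv` objects per call also means the cache is not shared between templates, so a secret referenced in several files is fetched from `bw` once per file.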
--- a/services/joplin/.env.template
+++ b/services/joplin/.env.template
@@ -1,5 +1,5 @@
 HOST=joplin.togetherdays.cz
-POSTGRES_PASSWORD={{ '9562334a-3e01-4b07-9068-89e9b8f51b85' | secret }}
+POSTGRES_PASSWORD={{ password['9562334a-3e01-4b07-9068-89e9b8f51b85'] }}
 POSTGRES_DATABASE=joplin
 POSTGRES_USER=joplin
 POSTGRES_PORT=5432
@@ -8,6 +8,6 @@ MAILER_HOST=smtp.seznam.cz
 MAILER_PORT=465
 MAILER_SECURITY=tls
 MAILER_AUTH_USER=mailer@togetherdays.cz
-MAILER_AUTH_PASSWORD={{ 'bd699710-f430-4ec8-815b-2019fa94132f' | secret }}
+MAILER_AUTH_PASSWORD={{ password['bd699710-f430-4ec8-815b-2019fa94132f'] }}
 MAILER_NOREPLY_NAME=no-reply
 MAILER_NOREPLY_EMAIL=mailer@togetherdays.cz
diff --git a/services/photoprism/.env_file.template b/services/photoprism/.env_file.template
index 158c5bd..922e102 100644
--- a/services/photoprism/.env_file.template
+++ b/services/photoprism/.env_file.template
@@ -36,7 +36,7 @@ PHOTOPRISM_DATABASE_DRIVER=mysql
 PHOTOPRISM_DATABASE_SERVER=mariadb:3306
 PHOTOPRISM_DATABASE_NAME=photoprism
 PHOTOPRISM_DATABASE_USER=photoprism
-PHOTOPRISM_DATABASE_PASSWORD={{ 'f1a35ea8-bc34-4a89-ad23-037e6dfa10f0' | secret }}
+PHOTOPRISM_DATABASE_PASSWORD={{ password['f1a35ea8-bc34-4a89-ad23-037e6dfa10f0'] }}
 PHOTOPRISM_SITE_CAPTION=Gallery
 PHOTOPRISM_SITE_DESCRIPTION=