WiP reworking bw2secrets
This commit is contained in:
parent
fb5c2a1bab
commit
c3ba2b4a27
4 changed files with 52 additions and 24 deletions
|
|
@ -4,11 +4,47 @@ import getpass
|
|||
import shutil
|
||||
import subprocess as sp
|
||||
from pathlib import Path
|
||||
from typing import Literal
|
||||
|
||||
import jinja2
|
||||
|
||||
bitwarden_session = None
|
||||
|
||||
TemplateEnvType = Literal["password", "username"]
|
||||
|
||||
|
||||
def fetch_secret(bw_path: Path, secret_id: str, object_type: str = "password") -> str:
|
||||
global bitwarden_session
|
||||
res = sp.run(
|
||||
[bw_path, "get", object_type, secret_id, "--session", bitwarden_session],
|
||||
capture_output=True,
|
||||
text=True,
|
||||
)
|
||||
res.check_returncode()
|
||||
return res.stdout
|
||||
|
||||
|
||||
class TemplateEnv:
|
||||
bw_path: Path
|
||||
env_type: TemplateEnvType
|
||||
cached_items: dict[str, str]
|
||||
|
||||
def __init__(self, _type: TemplateEnvType, bw_path: Path):
|
||||
self.env_type = _type
|
||||
self.bw_path = bw_path
|
||||
self.cached_items = dict()
|
||||
|
||||
def __getitem__(self, item):
|
||||
print(f"{self.env_type} {self.cached_items}")
|
||||
if cached_item := self.cached_items.get(item):
|
||||
return cached_item
|
||||
self.cached_items[item] = fetch_secret(
|
||||
self.bw_path,
|
||||
item,
|
||||
self.env_type,
|
||||
)
|
||||
return self.cached_items[item]
|
||||
|
||||
|
||||
def _add_args(parser: argparse.ArgumentParser):
|
||||
parser.add_argument(
|
||||
|
|
@ -52,37 +88,29 @@ def sync_bw_session(bw_path: Path):
|
|||
def find_templates(base_dirs: set[Path]) -> set[Path]:
|
||||
env_templates: set[Path] = set()
|
||||
for path in base_dirs:
|
||||
for env_template in path.glob(f"{path}/**/*.template"):
|
||||
for env_template in path.glob("**/*.template"):
|
||||
env_templates.add(env_template)
|
||||
return env_templates
|
||||
|
||||
|
||||
def fetch_secret(bw_path: Path, secret_id: str) -> str:
|
||||
global bitwarden_session
|
||||
res = sp.run(
|
||||
[bw_path, "get", "password", secret_id, "--session", bitwarden_session],
|
||||
capture_output=True,
|
||||
text=True,
|
||||
)
|
||||
res.check_returncode()
|
||||
return res.stdout
|
||||
|
||||
|
||||
def secret_filter(bw_path: Path, secret_id: str) -> str:
|
||||
return fetch_secret(bw_path, secret_id)
|
||||
# def secret_filter(bw_path: Path, secret_id: str) -> str:
|
||||
# return fetch_secret(bw_path, secret_id)
|
||||
|
||||
|
||||
def compile_file(file_path: Path, bw_path: Path):
|
||||
jinja_env = jinja2.Environment(
|
||||
loader=jinja2.FileSystemLoader(file_path.parent),
|
||||
)
|
||||
jinja_env.filters['secret'] = lambda secret_id: secret_filter(
|
||||
bw_path, secret_id,
|
||||
)
|
||||
|
||||
username = TemplateEnv("username", bw_path)
|
||||
password = TemplateEnv("password", bw_path)
|
||||
template = jinja_env.get_template(file_path.name)
|
||||
|
||||
rendered_template = template.render()
|
||||
rendered_template = template.render(
|
||||
dict(
|
||||
username=username,
|
||||
password=password,
|
||||
),
|
||||
)
|
||||
file_path.with_name(
|
||||
file_path.name.replace(
|
||||
".template", "",
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
UPLOAD_LOCATION=/mnt/data/immich
|
||||
|
||||
DB_PASSWORD={{ 'fc4c389b-f598-4f42-940b-eaeabecd8359' | secret }}
|
||||
DB_PASSWORD={{ password['fc4c389b-f598-4f42-940b-eaeabecd8359'] }}
|
||||
DB_HOSTNAME=database
|
||||
DB_USERNAME=immich
|
||||
DB_USERNAME={{ username['fc4c389b-f598-4f42-940b-eaeabecd8359'] }}
|
||||
DB_DATABASE_NAME=immich
|
||||
|
||||
REDIS_HOSTNAME=redis
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
HOST=joplin.togetherdays.cz
|
||||
POSTGRES_PASSWORD={{ '9562334a-3e01-4b07-9068-89e9b8f51b85' | secret }}
|
||||
POSTGRES_PASSWORD={{ password['9562334a-3e01-4b07-9068-89e9b8f51b85'] }}
|
||||
POSTGRES_DATABASE=joplin
|
||||
POSTGRES_USER=joplin
|
||||
POSTGRES_PORT=5432
|
||||
|
|
@ -8,6 +8,6 @@ MAILER_HOST=smtp.seznam.cz
|
|||
MAILER_PORT=465
|
||||
MAILER_SECURITY=tls
|
||||
MAILER_AUTH_USER=mailer@togetherdays.cz
|
||||
MAILER_AUTH_PASSWORD={{ 'bd699710-f430-4ec8-815b-2019fa94132f' | secret }}
|
||||
MAILER_AUTH_PASSWORD={{ password['bd699710-f430-4ec8-815b-2019fa94132f'] }}
|
||||
MAILER_NOREPLY_NAME=no-reply
|
||||
MAILER_NOREPLY_EMAIL=mailer@togetherdays.cz
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ PHOTOPRISM_DATABASE_DRIVER=mysql
|
|||
PHOTOPRISM_DATABASE_SERVER=mariadb:3306
|
||||
PHOTOPRISM_DATABASE_NAME=photoprism
|
||||
PHOTOPRISM_DATABASE_USER=photoprism
|
||||
PHOTOPRISM_DATABASE_PASSWORD={{ 'f1a35ea8-bc34-4a89-ad23-037e6dfa10f0' | secret }}
|
||||
PHOTOPRISM_DATABASE_PASSWORD={{ password['f1a35ea8-bc34-4a89-ad23-037e6dfa10f0'] }}
|
||||
|
||||
PHOTOPRISM_SITE_CAPTION=Gallery
|
||||
PHOTOPRISM_SITE_DESCRIPTION=
|
||||
|
|
|
|||
Reference in a new issue