pyinfra/scripts/bw2secrets

#!/usr/bin/env python3
import argparse
import enum
import getpass
import shutil
import subprocess as sp
from pathlib import Path

import jinja2

PROJECT_ROOT_DIRECTORY = Path(__file__).parent.parent.resolve()

bitwarden_session = None


class TemplateEnvType(enum.StrEnum):
    USERNAME = "username"
    PASSWORD = "password"


class TemplateEnv:
    bw_path: Path
    env_type: TemplateEnvType
    cached_items: dict[str, str]

    def _fetch_secret(self, secret_id: str) -> str:
        global bitwarden_session

        if not bitwarden_session:
            raise NotImplementedError("Failed to get bitwarden session")

        res = sp.run(
            [
                self.bw_path, "get", self.env_type.value,
                secret_id, "--session", bitwarden_session,
            ],
            capture_output=True,
            text=True,
        )
        res.check_returncode()
        return res.stdout

    def __init__(self, _type: TemplateEnvType, bw_path: Path):
        self.env_type = _type
        self.bw_path = bw_path
        self.cached_items = dict()

    def __getitem__(self, item):
        if cached_item := self.cached_items.get(item):
            return cached_item
        self.cached_items[item] = self._fetch_secret(
            item,
        )
        return self.cached_items[item]


def _add_args(parser: argparse.ArgumentParser):
    parser.add_argument(
        "search_paths",
        help="start directory to walk files to find secret references",
        default=[PROJECT_ROOT_DIRECTORY],
        nargs="*",
    )
    parser.add_argument(
        "--bw-path", "-b",
        help="custom path for bitwarden cli executable",
        default=shutil.which("bw"),
    )


def init_bw_session(bw_path: Path):
    global bitwarden_session

    if (pw_file := (PROJECT_ROOT_DIRECTORY / ".bw2secrets")).exists():
        bitwarden_password = pw_file.read_text().strip()
    else:
        print("Please, provide your bitwarden master password")
        bitwarden_password = getpass.getpass("Master password: ")
    res = sp.run(
        [bw_path, "unlock", bitwarden_password, "--raw"], capture_output=True,
        text=True,
    )
    res.check_returncode()
    bitwarden_session = res.stdout


def sync_bw_session(bw_path: Path):
    global bitwarden_session

    if not bitwarden_session:
        raise NotImplementedError("Failed to get bitwarden session")

    res = sp.run(
        [bw_path, "sync", "--session", bitwarden_session], capture_output=True,
        text=True,
    )
    res.check_returncode()


def find_templates(base_dirs: set[Path]) -> set[Path]:
    env_templates: set[Path] = set()
    for path in base_dirs:
        for env_template in path.glob("**/*.template"):
            print(f"INFO: Found template at {env_template}")
            env_templates.add(env_template)
    return env_templates


def compile_file(file_path: Path, bw_path: Path):
    jinja_env = jinja2.Environment(
        loader=jinja2.FileSystemLoader(file_path.parent),
    )
    username = TemplateEnv(TemplateEnvType.USERNAME, bw_path)
    password = TemplateEnv(TemplateEnvType.PASSWORD, bw_path)
    template = jinja_env.get_template(file_path.name)

    rendered_template = template.render(
        dict(
            username=username,
            password=password,
        ),
    )
    file_path.with_name(
        file_path.name.replace(
            ".template", "",
        ),
    ).write_text(rendered_template)


def main() -> int:
    parser = argparse.ArgumentParser("bw2secrets")
    _add_args(parser)
    args = parser.parse_args()

    if not (bw_path := args.bw_path):
        print("Bitwarden CLI `bw` executable not found in PATH")
        return 1

    search_paths: set[Path] = set()
    for path in args.search_paths:
        search_path = Path(path)
        search_paths.add(search_path)
        print(f"INFO: Will be searching {path}")

    print("INFO: Searching templates")
    template_files = find_templates(search_paths)

    init_bw_session(bw_path)
    sync_bw_session(bw_path)

    for file in template_files:
        print(f"INFO: Compiling {file}")
        compile_file(file, bw_path)

    return 0


if __name__ == "__main__":
    raise SystemExit(main())