authorGriffin Smith <grfn@gws.fyi>2022-01-29T17·39-0500
committerclbot <clbot@tvl.fyi>2022-01-29T17·52+0000
commita12ffa41de2fa209d611aea82aa122e8e7f79295 (patch)
tree0285ae3a230bba0c9ea94742c261205c1d63ef51
parent88595c23ce0739f0afaacccf500e51dba2ce7220 (diff)
feat(grfn/bbbg): Add pluggable backends for dev secrets r/3704
To allow people who aren't me / don't use `pass` to actually run the app
locally, allow just reading dev secrets from a file on disk.

Change-Id: I82a410ae877aa50b4302d5bda7072c79fa8f56fb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5114
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
-rw-r--r--users/grfn/bbbg/src/bbbg/discord.clj9
-rw-r--r--users/grfn/bbbg/src/bbbg/discord/auth.clj5
-rw-r--r--users/grfn/bbbg/src/bbbg/util/dev_secrets.clj59
3 files changed, 67 insertions, 6 deletions
diff --git a/users/grfn/bbbg/src/bbbg/discord.clj b/users/grfn/bbbg/src/bbbg/discord.clj
index ce8568ad82..e854ec1d14 100644
--- a/users/grfn/bbbg/src/bbbg/discord.clj
+++ b/users/grfn/bbbg/src/bbbg/discord.clj
@@ -1,8 +1,9 @@
 (ns bbbg.discord
   (:refer-clojure :exclude [get])
-  (:require [clj-http.client :as http]
-            [clojure.string :as str]
-            [bbbg.util.core :as u]))
+  (:require
+   [bbbg.util.dev-secrets :refer [secret]]
+   [clj-http.client :as http]
+   [clojure.string :as str]))
 
 (def base-uri "https://discord.com/api")
 
@@ -33,7 +34,7 @@
   (get token (str "/users/@me/guilds/" guild-id "/member")))
 
 (comment
-  (def token {:token (u/pass "bbbg/test-token")})
+  (def token {:token (secret "bbbg/test-token")})
   (me token)
   (guilds token)
   (guild-member token "841295283564052510")
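Review bot: The only use of `secret` visible in this file is inside the `(comment …)` form, yet the `ns` form now requires `bbbg.util.dev-secrets` unconditionally, so the development-only secret loader is loaded wherever `bbbg.discord` is. If nothing outside the rich comment needs it, drop the `:refer` from the `ns` form and use the fully qualified call inside the comment instead, e.g. `(def token {:token ((requiring-resolve 'bbbg.util.dev-secrets/secret) "bbbg/test-token")})`. The rest of the file is outside this hunk, so confirm there are no other uses before changing it.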
diff --git a/users/grfn/bbbg/src/bbbg/discord/auth.clj b/users/grfn/bbbg/src/bbbg/discord/auth.clj
index 0b04df558b..a166373738 100644
--- a/users/grfn/bbbg/src/bbbg/discord/auth.clj
+++ b/users/grfn/bbbg/src/bbbg/discord/auth.clj
@@ -2,6 +2,7 @@
   (:require
    [bbbg.discord :as discord]
    [bbbg.util.core :as u]
+   [bbbg.util.dev-secrets :refer [secret]]
    clj-time.coerce
    [clojure.spec.alpha :as s]
    [config.core :refer [env]]
@@ -33,8 +34,8 @@
 (defn dev-config []
   (s/assert
    ::config
-   {::client-id (u/pass "bbbg/discord-client-id")
-    ::client-secret (u/pass "bbbg/discord-client-secret")
+   {::client-id (secret "bbbg/discord-client-id")
+    ::client-secret (secret "bbbg/discord-client-secret")
     ::bbbg-guild-id "841295283564052510"
     ;; TODO this might not be the right id
     ::bbbg-organizer-role "874846495873040395"}))
diff --git a/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj b/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj
new file mode 100644
index 0000000000..88f1b50caa
--- /dev/null
+++ b/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj
@@ -0,0 +1,59 @@
+(ns bbbg.util.dev-secrets
+  "Utility library for loading secrets during development from multiple
+  backends.
+
+  # Supported backends
+
+  - [Pass][0] (the default)
+
+        (bbbg.util.dev-secrets/set-backend! :pass)
+
+    Loads all secrets by shelling out to `pass <secret-name>`
+
+    [0]: https://www.passwordstore.org/
+
+  - Directory
+
+        (bbbg.util.dev-secrets/set-backend! [:dir \"/path/to/secret/directory\"])
+
+     Loads all secrets by reading the secret name as a (plaintext!) file rooted
+     at the given directory"
+  (:require [bbbg.util.core :as u]
+            [clojure.string :as str]
+            [clojure.java.io :as io]))
+
+(def ^:dynamic *secret-backend* :pass)
+
+(defn set-backend!
+  "Change the default secret-backend"
+  [backend]
+  (alter-var-root #'*secret-backend* (constantly backend)))
+
+(defmulti ^:private load-secret
+  (fn [backend _secret]
+    (if (coll? backend) (first backend) backend)))
+
+(defmethod load-secret :pass [_ secret]
+  (u/pass secret))
+
+(defmethod load-secret :dir [[_ dir] secret]
+  (str/trim (slurp (io/file dir secret))))
+
+(defn secret
+  "Load the value for the given `secret-name' from the currently selected
+  backend"
+  [secret-name]
+  (load-secret *secret-backend* secret-name))
+
+(comment
+  (secret "bbbg/discord-client-id")
+
+  (binding [*secret-backend* [:dir "/tmp/bbbg-secrets"]]
+    (secret "bbbg/discord-client-id"))
+
+  (set-backend! [:dir "/tmp/bbbg-secrets"])
+  (secret "bbbg/discord-client-id")
+
+  (set-backend! :pass)
+  (secret "bbbg/discord-client-id")
+  )
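Review bot: The `:dir` method of `load-secret` joins `secret` onto `dir` with `(io/file dir secret)` and never checks that the result stays under `dir`, so a name containing `..` would read any file the process can open. Every caller visible in this commit passes a literal name, so this is hardening rather than a live bug; the sketch below canonicalises both paths and rejects anything outside the root. Separately, the `comment` examples point at `/tmp/bbbg-secrets`, and the files are plaintext. The namespace docstring could add a line such as `The directory should be readable only by your user (mode 0700) and kept outside the repository.` Also, `load-secret` has no `:default` method, so a mistyped backend keyword surfaces as a bare multimethod dispatch error rather than a message listing `:pass` and `:dir`.

```clojure
(defmethod load-secret :dir [[_ dir] secret]
  ;; Resolve symlinks and ".." before comparing, so the containment
  ;; check is made on the path that will actually be opened.
  (let [root (.getCanonicalFile (io/file dir))
        f    (.getCanonicalFile (io/file root secret))]
    (when-not (.startsWith (.toPath f) (.toPath root))
      (throw (ex-info "Secret name resolves outside the secret directory"
                      {:secret-name secret})))
    (str/trim (slurp f))))
```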