diff options
author | Griffin Smith <grfn@gws.fyi> | 2022-01-29T17·39-0500 |
---|---|---|
committer | clbot <clbot@tvl.fyi> | 2022-01-29T17·52+0000 |
commit | a12ffa41de2fa209d611aea82aa122e8e7f79295 (patch) | |
tree | 0285ae3a230bba0c9ea94742c261205c1d63ef51 /users/grfn/bbbg/src | |
parent | 88595c23ce0739f0afaacccf500e51dba2ce7220 (diff) |
feat(grfn/bbbg): Add pluggable backends for dev secrets r/3704
To allow people who aren't me / don't use `pass` to actually run the app locally, allow just reading dev secrets from a file on disk. Change-Id: I82a410ae877aa50b4302d5bda7072c79fa8f56fb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5114 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
Diffstat (limited to 'users/grfn/bbbg/src')
-rw-r--r-- | users/grfn/bbbg/src/bbbg/discord.clj | 9 | ||||
-rw-r--r-- | users/grfn/bbbg/src/bbbg/discord/auth.clj | 5 | ||||
-rw-r--r-- | users/grfn/bbbg/src/bbbg/util/dev_secrets.clj | 59 |
3 files changed, 67 insertions, 6 deletions
diff --git a/users/grfn/bbbg/src/bbbg/discord.clj b/users/grfn/bbbg/src/bbbg/discord.clj index ce8568ad827c..e854ec1d147d 100644 --- a/users/grfn/bbbg/src/bbbg/discord.clj +++ b/users/grfn/bbbg/src/bbbg/discord.clj @@ -1,8 +1,9 @@ (ns bbbg.discord (:refer-clojure :exclude [get]) - (:require [clj-http.client :as http] - [clojure.string :as str] - [bbbg.util.core :as u])) + (:require + [bbbg.util.dev-secrets :refer [secret]] + [clj-http.client :as http] + [clojure.string :as str])) (def base-uri "https://discord.com/api") @@ -33,7 +34,7 @@ (get token (str "/users/@me/guilds/" guild-id "/member"))) (comment - (def token {:token (u/pass "bbbg/test-token")}) + (def token {:token (secret "bbbg/test-token")}) (me token) (guilds token) (guild-member token "841295283564052510") diff --git a/users/grfn/bbbg/src/bbbg/discord/auth.clj b/users/grfn/bbbg/src/bbbg/discord/auth.clj index 0b04df558b04..a16637373892 100644 --- a/users/grfn/bbbg/src/bbbg/discord/auth.clj +++ b/users/grfn/bbbg/src/bbbg/discord/auth.clj @@ -2,6 +2,7 @@ (:require [bbbg.discord :as discord] [bbbg.util.core :as u] + [bbbg.util.dev-secrets :refer [secret]] clj-time.coerce [clojure.spec.alpha :as s] [config.core :refer [env]] @@ -33,8 +34,8 @@ (defn dev-config [] (s/assert ::config - {::client-id (u/pass "bbbg/discord-client-id") - ::client-secret (u/pass "bbbg/discord-client-secret") + {::client-id (secret "bbbg/discord-client-id") + ::client-secret (secret "bbbg/discord-client-secret") ::bbbg-guild-id "841295283564052510" ;; TODO this might not be the right id ::bbbg-organizer-role "874846495873040395"})) diff --git a/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj b/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj new file mode 100644 index 000000000000..88f1b50caaa8 --- /dev/null +++ b/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj @@ -0,0 +1,59 @@ +(ns bbbg.util.dev-secrets + "Utility library for loading secrets during development from multiple + backends. + + # Supported backends + + - [Pass][0] (the default) + + (bbbg.util.dev-secrets/set-backend! :pass) + + Loads all secrets by shelling out to `pass <secret-name>` + + [0]: https://www.passwordstore.org/ + + - Directory + + (bbbg.util.dev-secrets/set-backend! [:dir \"/path/to/secret/directory\"]) + + Loads all secrets by reading the secret name as a (plaintext!) file rooted + at the given directory" + (:require [bbbg.util.core :as u] + [clojure.string :as str] + [clojure.java.io :as io])) + +(def ^:dynamic *secret-backend* :pass) + +(defn set-backend! + "Change the default secret-backend" + [backend] + (alter-var-root #'*secret-backend* (constantly backend))) + +(defmulti ^:private load-secret + (fn [backend _secret] + (if (coll? backend) (first backend) backend))) + +(defmethod load-secret :pass [_ secret] + (u/pass secret)) + +(defmethod load-secret :dir [[_ dir] secret] + (str/trim (slurp (io/file dir secret)))) + +(defn secret + "Load the value for the given `secret-name' from the currently selected + backend" + [secret-name] + (load-secret *secret-backend* secret-name)) + +(comment + (secret "bbbg/discord-client-id") + + (binding [*secret-backend* [:dir "/tmp/bbbg-secrets"]] + (secret "bbbg/discord-client-id")) + + (set-backend! [:dir "/tmp/bbbg-secrets"]) + (secret "bbbg/discord-client-id") + + (set-backend! :pass) + (secret "bbbg/discord-client-id") + ) |