feat(grfn/bbbg): Add pluggable backends for dev secrets

To allow people who aren't me / don't use `pass` to actually run the app locally, allow just reading dev secrets from a file on disk. Change-Id: I82a410ae877aa50b4302d5bda7072c79fa8f56fb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5114 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2022-01-29 12:39:23 -05:00 · 2022-01-29 12:39:23 -05:00 · a12ffa41de
commit a12ffa41de
parent 88595c23ce
3 changed files with 67 additions and 6 deletions
--- a/users/grfn/bbbg/src/bbbg/discord.clj
+++ b/users/grfn/bbbg/src/bbbg/discord.clj
@ -1,8 +1,9 @@
 (ns bbbg.discord
  (:refer-clojure :exclude [get])
-  (:require [clj-http.client :as http]
-            [clojure.string :as str]
-            [bbbg.util.core :as u]))
+  (:require
+   [bbbg.util.dev-secrets :refer [secret]]
+   [clj-http.client :as http]
+   [clojure.string :as str]))

 (def base-uri "https://discord.com/api")

@ -33,7 +34,7 @@
  (get token (str "/users/@me/guilds/" guild-id "/member")))

 (comment
-  (def token {:token (u/pass "bbbg/test-token")})
+  (def token {:token (secret "bbbg/test-token")})
  (me token)
  (guilds token)
  (guild-member token "841295283564052510")
--- a/users/grfn/bbbg/src/bbbg/discord/auth.clj
+++ b/users/grfn/bbbg/src/bbbg/discord/auth.clj
@ -2,6 +2,7 @@
  (:require
   [bbbg.discord :as discord]
   [bbbg.util.core :as u]
+   [bbbg.util.dev-secrets :refer [secret]]
   clj-time.coerce
   [clojure.spec.alpha :as s]
   [config.core :refer [env]]
@ -33,8 +34,8 @@
 (defn dev-config []
  (s/assert
   ::config
-   {::client-id (u/pass "bbbg/discord-client-id")
-    ::client-secret (u/pass "bbbg/discord-client-secret")
+   {::client-id (secret "bbbg/discord-client-id")
+    ::client-secret (secret "bbbg/discord-client-secret")
    ::bbbg-guild-id "841295283564052510"
    ;; TODO this might not be the right id
    ::bbbg-organizer-role "874846495873040395"}))
--- a/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj
+++ b/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj
@ -0,0 +1,59 @@
+(ns bbbg.util.dev-secrets
+  "Utility library for loading secrets during development from multiple
+  backends.
+
+  # Supported backends
+
+  - [Pass][0] (the default)
+
+        (bbbg.util.dev-secrets/set-backend! :pass)
+
+    Loads all secrets by shelling out to `pass <secret-name>`
+
+    [0]: https://www.passwordstore.org/
+
+  - Directory
+
+        (bbbg.util.dev-secrets/set-backend! [:dir \"/path/to/secret/directory\"])
+
+     Loads all secrets by reading the secret name as a (plaintext!) file rooted
+     at the given directory"
+  (:require [bbbg.util.core :as u]
+            [clojure.string :as str]
+            [clojure.java.io :as io]))
+
+(def ^:dynamic *secret-backend* :pass)
+
+(defn set-backend!
+  "Change the default secret-backend"
+  [backend]
+  (alter-var-root #'*secret-backend* (constantly backend)))
+
+(defmulti ^:private load-secret
+  (fn [backend _secret]
+    (if (coll? backend) (first backend) backend)))
+
+(defmethod load-secret :pass [_ secret]
+  (u/pass secret))
+
+(defmethod load-secret :dir [[_ dir] secret]
+  (str/trim (slurp (io/file dir secret))))
+
+(defn secret
+  "Load the value for the given `secret-name' from the currently selected
+  backend"
+  [secret-name]
+  (load-secret *secret-backend* secret-name))
+
+(comment
+  (secret "bbbg/discord-client-id")
+
+  (binding [*secret-backend* [:dir "/tmp/bbbg-secrets"]]
+    (secret "bbbg/discord-client-id"))
+
+  (set-backend! [:dir "/tmp/bbbg-secrets"])
+  (secret "bbbg/discord-client-id")
+
+  (set-backend! :pass)
+  (secret "bbbg/discord-client-id")
+  )