From a12ffa41de2fa209d611aea82aa122e8e7f79295 Mon Sep 17 00:00:00 2001 From: Griffin Smith Date: Sat, 29 Jan 2022 12:39:23 -0500 Subject: [PATCH] feat(grfn/bbbg): Add pluggable backends for dev secrets To allow people who aren't me / don't use `pass` to actually run the app locally, allow just reading dev secrets from a file on disk. Change-Id: I82a410ae877aa50b4302d5bda7072c79fa8f56fb Reviewed-on: https://cl.tvl.fyi/c/depot/+/5114 Reviewed-by: grfn Autosubmit: grfn Tested-by: BuildkiteCI --- users/grfn/bbbg/src/bbbg/discord.clj | 9 +-- users/grfn/bbbg/src/bbbg/discord/auth.clj | 5 +- users/grfn/bbbg/src/bbbg/util/dev_secrets.clj | 59 +++++++++++++++++++ 3 files changed, 67 insertions(+), 6 deletions(-) create mode 100644 users/grfn/bbbg/src/bbbg/util/dev_secrets.clj diff --git a/users/grfn/bbbg/src/bbbg/discord.clj b/users/grfn/bbbg/src/bbbg/discord.clj index ce8568ad8..e854ec1d1 100644 --- a/users/grfn/bbbg/src/bbbg/discord.clj +++ b/users/grfn/bbbg/src/bbbg/discord.clj @@ -1,8 +1,9 @@ (ns bbbg.discord (:refer-clojure :exclude [get]) - (:require [clj-http.client :as http] - [clojure.string :as str] - [bbbg.util.core :as u])) + (:require + [bbbg.util.dev-secrets :refer [secret]] + [clj-http.client :as http] + [clojure.string :as str])) (def base-uri "https://discord.com/api") @@ -33,7 +34,7 @@ (get token (str "/users/@me/guilds/" guild-id "/member"))) (comment - (def token {:token (u/pass "bbbg/test-token")}) + (def token {:token (secret "bbbg/test-token")}) (me token) (guilds token) (guild-member token "841295283564052510") diff --git a/users/grfn/bbbg/src/bbbg/discord/auth.clj b/users/grfn/bbbg/src/bbbg/discord/auth.clj index 0b04df558..a16637373 100644 --- a/users/grfn/bbbg/src/bbbg/discord/auth.clj +++ b/users/grfn/bbbg/src/bbbg/discord/auth.clj @@ -2,6 +2,7 @@ (:require [bbbg.discord :as discord] [bbbg.util.core :as u] + [bbbg.util.dev-secrets :refer [secret]] clj-time.coerce [clojure.spec.alpha :as s] [config.core :refer [env]] 
@@ -33,8 +34,8 @@ (defn dev-config [] (s/assert ::config - {::client-id (u/pass "bbbg/discord-client-id") - ::client-secret (u/pass "bbbg/discord-client-secret") + {::client-id (secret "bbbg/discord-client-id") + ::client-secret (secret "bbbg/discord-client-secret") ::bbbg-guild-id "841295283564052510" ;; TODO this might not be the right id ::bbbg-organizer-role "874846495873040395"})) diff --git a/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj b/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj new file mode 100644 index 000000000..88f1b50ca --- /dev/null +++ b/users/grfn/bbbg/src/bbbg/util/dev_secrets.clj 
@@ -0,0 +1,59 @@
+(ns bbbg.util.dev-secrets
+ "Utility library for loading secrets during development from multiple
+ backends.
+
+ # Supported backends
+
+ - [Pass][0] (the default)
+
+ (bbbg.util.dev-secrets/set-backend! :pass)
+
+ Loads all secrets by shelling out to `pass `
+
+ [0]: https://www.passwordstore.org/
+
+ - Directory
+
+ (bbbg.util.dev-secrets/set-backend! [:dir \"/path/to/secret/directory\"])
+
+ Loads all secrets by reading the secret name as a (plaintext!) file rooted
+ at the given directory"
+ (:require [bbbg.util.core :as u]
+ [clojure.string :as str]
+ [clojure.java.io :as io]))
+
+(def ^:dynamic *secret-backend* :pass)
+
+(defn set-backend!
+ "Change the default secret-backend"
+ [backend]
+ (alter-var-root #'*secret-backend* (constantly backend)))
+
+(defmulti ^:private load-secret
+ (fn [backend _secret]
+ (if (coll? backend) (first backend) backend)))
+
+(defmethod load-secret :pass [_ secret]
+ (u/pass secret))
+
+(defmethod load-secret :dir [[_ dir] secret]
+ (str/trim (slurp (io/file dir secret))))
+
+(defn secret
+ "Load the value for the given `secret-name' from the currently selected
+ backend"
+ [secret-name]
+ (load-secret *secret-backend* secret-name))
+
+(comment
+ (secret "bbbg/discord-client-id")
+
+ (binding [*secret-backend* [:dir "/tmp/bbbg-secrets"]]
+ (secret "bbbg/discord-client-id"))
+
+ (set-backend! [:dir "/tmp/bbbg-secrets"])
+ (secret "bbbg/discord-client-id")
+
+ (set-backend! :pass)
+ (secret "bbbg/discord-client-id")
+ )
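Review bot: The `:dir` backend reads plaintext credential files, yet the ns docstring says nothing about where that directory should live or who may read it, and the `comment` block at the end of the file demonstrates it with `/tmp/bbbg-secrets`. On a shared machine, files created under `/tmp` with a default umask are commonly readable by other local users, so I would extend the Directory entry with something like `The directory holds plaintext credentials: keep it outside the repository and readable only by your own user (chmod 700)` and move the example to a path under the developer's home directory. Separately, in `(defmethod load-secret :dir ...)` the `secret` name is joined onto `dir` by `io/file` with no check, so a name containing `..` would resolve outside the configured directory. The callers visible in this patch pass literals, so this is hardening rather than a live defect, but a comment such as `;; secret must be a relative name under dir; callers pass literals only` would record that assumption.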