Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Load secrets from files #10

Closed
wants to merge 6 commits into from
Closed

Load secrets from files #10

wants to merge 6 commits into from

Conversation

mdemare
Copy link
Contributor

@mdemare mdemare commented Sep 13, 2024

  • Added support for ALLOWED_CLIENT_IDS
  • Review feedback
  • Support for loading secrets from files specified by env vars.

joodie
joodie requested changes Sep 13, 2024
View reviewed changes
Copy link
Contributor

@joodie joodie left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dit is rommellig. Je bent eerst aan het valideren, dan dingen ongedaan aan het maken/parsen, en dan weer opnieuw valideren. Lees die secrets eerst, en valideer daarna:

(defn- load-secret-from-file
  [env k]
  (let [file-key (keyword (str (name k) "-file"))
        file-name (env file-key)]
    (if file-name
      (assoc env k (str/trim (slurp file-name)))
      env)))

(defn- env-with-secrets
  "Environment map, with additional secrets loaded from files.

  If a key \"K\" in `opt-specs` is not present, and a key \"K-file\"
  is present, load the secret from that file and put it in the env map
  under K."
  []
  (->> opt-specs
       keys
       (reduce (fn [env k]
                 (if (contains? env k)
                   env
                   (load-secret-from-file env k)))
               env)))

en dan verderop in main:

  (let [[config errs] (envopts/opts (env-with-secrets) opt-specs)]

joodie
joodie requested changes Sep 13, 2024
View reviewed changes
Copy link
Contributor

@joodie joodie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

graag aanpassen

@mdemare
Copy link
Contributor Author

mdemare commented Sep 13, 2024

In jouw voorstel gooi je de validatie weg, dwz ofwel SURF_CONEXT_CLIENT_ID of SURF_CONEXT_CLIENT_ID_FILE is verplicht, en als je allebei weglaat moet het proces exiten met een error message. Heb de config code nu verplaatst naar een eigen namespace. Dit is nu dezelfde structuur als in de edumapper, dus als het hier rommelig is, dan daar ook. Volgende week maar even naar kijken.

In principe kan Remco Jak testen met de b1070c6 commit, heb de laatste commit nog niet goed kunnen testen.

@mdemare mdemare requested a review from joodie September 17, 2024 11:43
@mdemare mdemare closed this Sep 17, 2024
@mdemare mdemare deleted the file_secrets branch September 17, 2024 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joodie joodie Awaiting requested review from joodie

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mdemare @joodie