From 7fbd3ad275b87d1e29342d27893198de99901f70 Mon Sep 17 00:00:00 2001
From: Daniel STAN
Date: Thu, 4 Dec 2014 21:03:16 +0100
Subject: [PATCH] =?UTF-8?q?secrets=5Fnew:=20d=C3=A9but=20de=20modularit?=
 =?UTF-8?q?=C3=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 gestion/secrets_new.py | 77 ++++++++++++++++++++++++++++++++----------
 1 file changed, 59 insertions(+), 18 deletions(-)

diff --git a/gestion/secrets_new.py b/gestion/secrets_new.py
index 7b7b9669..22920525 100644
--- a/gestion/secrets_new.py
+++ b/gestion/secrets_new.py
@@ -4,6 +4,7 @@
 # ----------
 #
 # Copyright (C) 2007 Jeremie Dimino
+# Copyright (C) 2014 Daniel STAN
 #
 # This file is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,6 +30,8 @@ import logging
 import logging.handlers
 import getpass
 
+SECRET_PATH = '/etc/crans/secrets'
+
 # Initialisation d'un logger pour faire des stats etc
 # pour l'instant, on centralise tout sur thot en mode debug
 logger = logging.getLogger('secrets_new')
@@ -41,24 +44,62 @@ except AttributeError:
     handler.formatter = formatter
 logger.addHandler(handler)
 
-def get(secret):
+class SecretNotFound(Exception):
+    pass
+
+class SecretForbidden(Exception):
+    pass
+
+# Définitions de fonctions renvoyant un secret, si existant, en utilisant
+# **UNE** méthode d'accès
+def python_loader(name):
+    """Charger depuis le fichier python la variable au ``name`` correspondant"""
+    try:
+        sys.path.insert(0, SECRET_PATH)
+        import secrets as module
+        sys.path.pop(0)
+        try:
+            return getattr(module, name)
+        except AttributeError:
+            raise SecretNotFound()
+    except ImportError:
+        raise SecretForbidden()
+
+def single_file_loader(name):
+    """Charger depuis un fichier isolé appelé ``name``"""
+    path = os.path.join(SECRET_PATH, name)
+    if not os.path.isfile(path):
+        raise SecretNotFound()
+    try:
+        with open(path, 'r') as source:
+            result = source.read().strip()
+            return result
+    except IOError:
+        raise SecretForbidden()
+
+def try_file_loader(name):
+    """Charge un fichier, mais sans échec si pas de droit de lecture"""
+    try:
+        return single_file_loader(name)
+    except SecretForbidden:
+        raise SecretNotFound()
+
+def get(name):
     """ Récupère un secret. """
     prog = os.path.basename(getattr(sys, 'argv', ['undefined'])[0])
-    logger.debug('%s (in %s) asked for %s' % (getpass.getuser(), prog, secret))
-    try:
-        f = open("/etc/crans/secrets/" + secret)
-        result = f.read().strip()
-        f.close()
-        return result
-    except:
+    logger.debug('%s (in %s) asked for %s' % (getpass.getuser(), prog, name))
+
+    loaders = [python_loader, single_file_loader]
+    notfound_error = None
+
+    for loader in loaders:
         try:
-            sys.path.insert(0, '/etc/crans/secrets')
-            import secrets as module
-            sys.path.pop(0)
-            return getattr(module, secret)
-        except:
-            logger.critical('...and that failed.')
-            if os.getenv('DEBUG', 0):
-                raise
-            else:
-                raise Exception("Impossible d'acceder au secret %s!" % secret)
+            return loader(name)
+        except SecretNotFound as exc:
+            notfound_error = notfound_error or exc
+        except SecretForbidden:
+            logger.critical('...and that failed (Forbidden).')
+            raise
+
+    logger.critical('...and that failed (not found).')
+    raise notfound_error
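Review bot: In python_loader the `sys.path.pop(0)` that follows `import secrets as module` is skipped whenever the import raises, so SECRET_PATH stays at the front of sys.path for the rest of the process and every later import in the program is resolved against that directory first; the insert/pop pair should be wrapped in try/finally as sketched below. The same `except ImportError` maps every import failure — including a simply absent secrets.py, not only an unreadable one — to SecretForbidden, which makes get() log critical and re-raise without ever trying single_file_loader, whereas the old code always fell through to the second method, so a missing module likely belongs under SecretNotFound. In single_file_loader, `os.path.join(SECRET_PATH, name)` follows a name containing a separator or `..` out of SECRET_PATH, so a guard such as `if os.path.dirname(name): raise SecretNotFound()` before the isfile check would keep lookups inside the secrets directory. try_file_loader is defined but not in the `loaders` list of get(), so either wire it in or drop it.
```python
def python_loader(name):
    """Charger depuis le fichier python la variable au ``name`` correspondant"""
    sys.path.insert(0, SECRET_PATH)
    try:
        import secrets as module
    except ImportError:
        raise SecretForbidden()
    finally:
        # Restore the import path even when the import fails.
        sys.path.pop(0)
    try:
        return getattr(module, name)
    except AttributeError:
        raise SecretNotFound()
```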