secrets_new: début de modularité

gestion/secrets_new.py

@@ -4,6 +4,7 @@
 # ----------
 #
 # Copyright (C) 2007 Jeremie Dimino <dimino@crans.org>
+# Copyright (C) 2014 Daniel STAN <daniel.stan@crans.org>
 #
 # This file is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,6 +30,8 @@ import logging
 import logging.handlers
 import getpass
 
+SECRET_PATH = '/etc/crans/secrets'
+
 # Initialisation d'un logger pour faire des stats etc
 # pour l'instant, on centralise tout sur thot en mode debug
 logger = logging.getLogger('secrets_new')
@@ -41,24 +44,62 @@ except AttributeError:
     handler.formatter = formatter
 logger.addHandler(handler)
 
-def get(secret):
+class SecretNotFound(Exception):
-    """ Récupère un secret. """
+    pass
-    prog = os.path.basename(getattr(sys, 'argv', ['undefined'])[0])
+
-    logger.debug('%s (in %s) asked for %s' % (getpass.getuser(), prog, secret))
+class SecretForbidden(Exception):
+    pass
+
+# Définitions de fonctions renvoyant un secret, si existant, en utilisant
+# **UNE** méthode d'accès
+def python_loader(name):
+    """Charger depuis le fichier python la variable au ``name`` correspondant"""
     try:
-        f = open("/etc/crans/secrets/" + secret)
+        sys.path.insert(0, SECRET_PATH)
-        result = f.read().strip()
-        f.close()
-        return result
-    except:
-        try:
-            sys.path.insert(0, '/etc/crans/secrets')
         import secrets as module
         sys.path.pop(0)
-            return getattr(module, secret)
+        try:
-        except:
+            return getattr(module, name)
-            logger.critical('...and that failed.')
+        except AttributeError:
-            if os.getenv('DEBUG', 0):
+            raise SecretNotFound()
+    except ImportError:
+        raise SecretForbidden()
+
+def single_file_loader(name):
+    """Charger depuis un fichier isolé appelé ``name``"""
+    path = os.path.join(SECRET_PATH, name)
+    if not os.path.isfile(path):
+        raise SecretNotFound()
+    try:
+        with open(path, 'r') as source:
+            result = source.read().strip()
+        return result
+    except IOError:
+        raise SecretForbidden()
+
+def try_file_loader(name):
+    """Charge un fichier, mais sans échec si pas de droit de lecture"""
+    try:
+        return single_file_loader(name)
+    except SecretForbidden:
+        raise SecretNotFound()
+
+def get(name):
+    """ Récupère un secret. """
+    prog = os.path.basename(getattr(sys, 'argv', ['undefined'])[0])
+    logger.debug('%s (in %s) asked for %s' % (getpass.getuser(), prog, name))
+
+    loaders = [python_loader, single_file_loader]
+    notfound_error = None
+    
+    for loader in loaders:
+        try:
+            return loader(name)
+        except SecretNotFound as exc:
+            notfound_error = notfound_error or exc
+        except SecretForbidden:
+            logger.critical('...and that failed (Forbidden).')
             raise
-            else:
+            
-                raise Exception("Impossible d'acceder au secret %s!" % secret)
+    logger.critical('...and that failed (not found).')
+    raise notfound_error