indico: use files for passwords

Signed-off-by: Jeltz <jeltz@federez.net>
2025-02-27 21:49:48 +01:00 · 2025-02-27 21:49:48 +01:00 · 2f93570ac4
commit 2f93570ac4
parent dd2afc2cfb
3 changed files with 120 additions and 13 deletions
--- a/pkgs/python-vars-with-env/codegen.py
+++ b/pkgs/python-vars-with-env/codegen.py
@ -0,0 +1,54 @@
+from argparse import ArgumentParser
+from pathlib import Path
+from json import load
+
+
+# Indico raises a warning for every non prefixed local variable, so we add a
+# prefix to each import and declared function
+PROLOGUE = (
+    "import functools as _functools\n"
+    "@_functools.cache\n"
+    "def _read_file(name):\n"
+    "    with open(name) as f:\n"
+    "        return name\n"
+)
+
+
+def make_value(value):
+    match value["_pyType"]:
+        case "str" | "int" | "bool" | "null":
+            return repr(value["_value"])
+        case "list":
+            items = [make_value(i) for i in value["_value"]]
+            return f"[{','.join(items)}]"
+        case "dict":
+            items = [
+                f"{repr(k)}: {make_value(v)}"
+                for k, v in value["_value"].items()
+            ]
+            return f"{{{','.join(items)}}}"
+        case "read-file":
+            return f"_read_file({repr(value['_value'])})"
+        case _:
+            raise ValueError("Unknown data type")
+
+
+def mk_vars(vars):
+    if not all(str.isidentifier(n) for n in vars.keys()):
+        raise ValueError("At least one variable identifier is invalid")
+    eqs = [f"{n} = {make_value(v)}" for n, v in vars.items()]
+    return PROLOGUE + "\n".join(eqs)
+
+
+def main():
+    parser = ArgumentParser()
+    parser.add_argument("json", type=Path)
+
+    args = parser.parse_args()
+
+    with args.json.open() as fd:
+        print(mk_vars(load(fd)))
+
+
+if __name__ == "__main__":
+    main()
--- a/pkgs/python-vars-with-env/default.nix
+++ b/pkgs/python-vars-with-env/default.nix
@ -0,0 +1,53 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+
+rec {
+  _mkPy = type: value: {
+    _pyType = type;
+    _value = value;
+  };
+
+  _isPy = value: lib.isAttrs value && lib.hasAttr "_pyType" value;
+
+  _mkValue = value:
+    if _isPy value then
+      value
+    else if lib.isStringLike value then
+      _mkPy "str" value
+    else if lib.isInt value then
+      _mkPy "int" value
+    else if lib.isBool value then
+      _mkPy "bool" value
+    else if value == null then
+      _mkPy "null" null
+    else if lib.isList value then
+      _mkPy "list" (lib.map _mkValue value)
+    else if lib.isAttrs value then
+      _mkPy "dict" (lib.mapAttrs (_: _mkValue) value)
+    else
+      abort "unsupported type";
+
+  _mkVars = lib.mapAttrs (_: _mkValue);
+
+  mkReadFile = path:
+    _mkPy "read-file" (if lib.isStringLike path then
+      path
+    else
+      abort "invalid path type");
+
+  generate = name: value:
+    pkgs.callPackage ({ runCommand, python3, black }:
+      runCommand name {
+        nativeBuildInputs = [ python3 black ];
+        value = builtins.toJSON (_mkVars value);
+        codegen = builtins.readFile ./codegen.py;
+        passAsFile = [ "codegen" "value" ];
+        preferLocalBuild = true;
+      } ''
+        python3 $codegenPath $valuePath > $out
+        black $out
+      '') { };
+}