bwfiles/libs/bwsops.py

from bundlewrap.exceptions import FaultUnavailable
from bundlewrap.utils import Fault
import json
from pathlib import Path
import subprocess

class BwSops:
    def __init__(self, file):
        self.file = Path(file)
        self._secrets = None

    def _fetch_secrets(self):
        try:
            p = subprocess.run(["sops", "decrypt", str(self.file)], capture_output=True, check=True)
        except subprocess.CalledProcessError as e:
            raise FaultUnavailable(f"SOPS: \n{e.stderr}")

        self._secrets = json.loads(p.stdout)

    def _get(self, path):
        if self._secrets is None:
            self._fetch_secrets()

        out = self._secrets

        _path_traversed = []

        try:
            for name in path:
                if not isinstance(out, dict):
                    raise KeyError(name)
                out = out[name]
                _path_traversed.append(name)
        except KeyError as e:
            raise FaultUnavailable(
                f"SOPS secret not found: {self.file}:{'/'.join(path)}\n"
                f"    {e.args[0]} not in {'/'.join(_path_traversed)}"
                )

        return out

    def get(self, path):
        if isinstance(path, str):
            path = path.split("/")

        return Fault(
            f"SOPS {self.file}:{'/'.join(path)}",
            self._get,
            path=path,
            )
Manage secrets with sops 2025-02-15 18:25:36 +01:00			`from bundlewrap.exceptions import FaultUnavailable`
			`from bundlewrap.utils import Fault`
			`import json`
			`from pathlib import Path`
			`import subprocess`

			`class BwSops:`
			`def __init__(self, file):`
			`self.file = Path(file)`
			`self._secrets = None`

			`def _fetch_secrets(self):`
			`try:`
			`p = subprocess.run(["sops", "decrypt", str(self.file)], capture_output=True, check=True)`
			`except subprocess.CalledProcessError as e:`
			`raise FaultUnavailable(f"SOPS: \n{e.stderr}")`

			`self._secrets = json.loads(p.stdout)`

			`def _get(self, path):`
			`if self._secrets is None:`
			`self._fetch_secrets()`

			`out = self._secrets`

			`_path_traversed = []`

			`try:`
			`for name in path:`
			`if not isinstance(out, dict):`
			`raise KeyError(name)`
			`out = out[name]`
			`_path_traversed.append(name)`
			`except KeyError as e:`
			`raise FaultUnavailable(`
			`f"SOPS secret not found: {self.file}:{'/'.join(path)}\n"`
			`f" {e.args[0]} not in {'/'.join(_path_traversed)}"`
			`)`

			`return out`

			`def get(self, path):`
			`if isinstance(path, str):`
			`path = path.split("/")`

			`return Fault(`
			`f"SOPS {self.file}:{'/'.join(path)}",`
			`self._get,`
			`path=path,`
			`)`