datasette-secrets 0.1a1__tar.gz → 0.1a3__tar.gz

{datasette_secrets-0.1a1 → datasette_secrets-0.1a3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: datasette-secrets
-Version: 0.1a1
+Version: 0.1a3
 Summary: Manage secrets such as API keys for use with other Datasette plugins
 Author: Datasette
 License: Apache-2.0
@@ -105,6 +105,8 @@ datasette data.db --internal internal.db \
 
 users with the `manage-secrets` permission will see a new "Manage secrets" link in the Datasette navigation menu. This interface can also be accessed at `/-/secrets`.
 
+The page with the list of secrets will show the user who last updated each secret. This will use the [actors_from_ids()](https://docs.datasette.io/en/latest/plugin_hooks.html#actors-from-ids-datasette-actor-ids) mechanism, displaying the actor's `username` if available, otherwise the `name`, otherwise the `id`.
+
 ## For plugin authors
 
 Plugins can depend on this plugin if they want to implement secrets.
@@ -121,11 +123,24 @@ from datasette_secrets import Secret
 def register_secrets():
     return [
         Secret(
-            "OPENAI_API_KEY",
-            'An OpenAI API key. Get them from <a href="https://platform.openai.com/api-keys">here</a>.',
+            name="OPENAI_API_KEY",
+            description="An OpenAI API key"
+        ),
+    ]
+```
+You can also provide optional `obtain_url` and `obtain_label` fields to link to a page where a user can obtain an API key:
+```python
+@hookimpl
+def register_secrets():
+    return [
+        Secret(
+            name="OPENAI_API_KEY",
+            obtain_url="https://platform.openai.com/api-keys",
+            obtain_label="Get an OpenAI API key"
         ),
     ]
 ```
+
 The hook can take an optional `datasette` argument. It can return a list or an `async def` function that, when awaited, returns a list.
 
 The list should consist of `Secret()` instances, each with a name and an optional description. The description can contain HTML.

{datasette_secrets-0.1a1 → datasette_secrets-0.1a3}/README.md

@@ -84,6 +84,8 @@ datasette data.db --internal internal.db \
 
 users with the `manage-secrets` permission will see a new "Manage secrets" link in the Datasette navigation menu. This interface can also be accessed at `/-/secrets`.
 
+The page with the list of secrets will show the user who last updated each secret. This will use the [actors_from_ids()](https://docs.datasette.io/en/latest/plugin_hooks.html#actors-from-ids-datasette-actor-ids) mechanism, displaying the actor's `username` if available, otherwise the `name`, otherwise the `id`.
+
 ## For plugin authors
 
 Plugins can depend on this plugin if they want to implement secrets.
@@ -100,11 +102,24 @@ from datasette_secrets import Secret
 def register_secrets():
     return [
         Secret(
-            "OPENAI_API_KEY",
-            'An OpenAI API key. Get them from <a href="https://platform.openai.com/api-keys">here</a>.',
+            name="OPENAI_API_KEY",
+            description="An OpenAI API key"
+        ),
+    ]
+```
+You can also provide optional `obtain_url` and `obtain_label` fields to link to a page where a user can obtain an API key:
+```python
+@hookimpl
+def register_secrets():
+    return [
+        Secret(
+            name="OPENAI_API_KEY",
+            obtain_url="https://platform.openai.com/api-keys",
+            obtain_label="Get an OpenAI API key"
         ),
     ]
 ```
+
 The hook can take an optional `datasette` argument. It can return a list or an `async def` function that, when awaited, returns a list.
 
 The list should consist of `Secret()` instances, each with a name and an optional description. The description can contain HTML.

{datasette_secrets-0.1a1 → datasette_secrets-0.1a3}/datasette_secrets/__init__.py

@@ -3,7 +3,7 @@ from cryptography.fernet import Fernet
 import dataclasses
 from datasette import hookimpl, Forbidden, Permission, Response
 from datasette.plugins import pm
-from datasette.utils import await_me_maybe
+from datasette.utils import await_me_maybe, sqlite3
 import os
 from typing import Optional
 from . import hookspecs
@@ -24,12 +24,15 @@ async def get_secret(datasette, secret_name, actor_id=None):
     # Now look it up in the database
     config = get_config(datasette)
     db = get_database(datasette)
-    db_secret = (
-        await db.execute(
-            "select id, encrypted from datasette_secrets where name = ? order by version desc limit 1",
-            (secret_name,),
-        )
-    ).first()
+    try:
+        db_secret = (
+            await db.execute(
+                "select id, encrypted from datasette_secrets where name = ? order by version desc limit 1",
+                (secret_name,),
+            )
+        ).first()
+    except sqlite3.OperationalError:
+        return None
     if not db_secret:
         return None
     key = Fernet(config["encryption_key"].encode("utf-8"))
@@ -55,7 +58,9 @@ async def get_secret(datasette, secret_name, actor_id=None):
 @dataclasses.dataclass
 class Secret:
     name: str
-    description_html: Optional[str] = None
+    description: Optional[str] = None
+    obtain_url: Optional[str] = None
+    obtain_label: Optional[str] = None
 
 
 SCHEMA = """
@@ -114,25 +119,20 @@ def register_permissions(datasette):
 
 async def get_secrets(datasette):
     secrets = []
+    seen = set()
     for result in pm.hook.register_secrets(datasette=datasette):
         result = await await_me_maybe(result)
-        secrets.extend(result)
+        for secret in result:
+            if secret.name in seen:
+                continue  # Skip duplicates
+            seen.add(secret.name)
+            secrets.append(secret)
     # if not secrets:
     secrets.append(Secret("EXAMPLE_SECRET", "An example secret"))
 
     return secrets
 
 
-@hookimpl
-def register_secrets():
-    return [
-        Secret(
-            "OPENAI_API_KEY",
-            'An OpenAI API key. Get them from <a href="https://platform.openai.com/api-keys">here</a>.',
-        ),
-    ]
-
-
 @hookimpl
 def register_commands(cli):
     @cli.group()
@@ -183,6 +183,16 @@ async def secrets_index(datasette, request):
         list(environment_secrets_names),
     )
     existing_secrets = {row["name"]: dict(row) for row in existing_secrets_result.rows}
+    # Try to turn updated_by into actors
+    actors = await datasette.actors_from_ids(
+        {row["updated_by"] for row in existing_secrets.values() if row["updated_by"]}
+    )
+    for secret in existing_secrets.values():
+        if secret["updated_by"]:
+            actor = actors.get(secret["updated_by"])
+            if actor:
+                display = actor.get("username") or actor.get("name") or actor.get("id")
+                secret["updated_by"] = display
     unset_secrets = [
         secret
         for secret in all_secrets

{datasette_secrets-0.1a1 → datasette_secrets-0.1a3}/datasette_secrets/templates/secrets_index.html

@@ -25,7 +25,10 @@
 <ul>
   {% for secret in unset_secrets %}
     <li><strong><a href="{{ urls.path("/-/secrets/") }}{{ secret.name }}">{{ secret.name }}</a></strong>
-    {% if secret.description_html %} - {{ secret.description_html|safe }}{% endif %}</li>
+    {% if secret.description or secret.obtain_label %}
+      - {{ secret.description or "" }}{% if secret.description and secret.obtain_label %}, {% endif %}
+      {% if secret.obtain_label %}<a href="{{ secret.obtain_url }}">{{ secret.obtain_label }}</a>{% endif %}
+    {% endif %}</li>
   {% endfor %}
 </ul>
 {% endif %}
@@ -34,7 +37,7 @@
 <p style="margin-top: 2em">The following secret{% if environment_secrets|length == 1 %} is{% else %}s are{% endif %} set using environment variables:</p>
 <ul>
   {% for secret in environment_secrets %}
-    <li><strong>{{ secret.name }}</a></strong>- {{ secret.description_html|safe }}<br>
+    <li><strong>{{ secret.name }}</a></strong>{% if secret.description %} - {{ secret.description }}{% endif %}<br>
       <span style="font-size: 0.8 em">Set by <code>DATASETTE_SECRETS_{{ secret.name }}</code></span></li>
   {% endfor %}
 </ul>

{datasette_secrets-0.1a1 → datasette_secrets-0.1a3}/datasette_secrets/templates/secrets_update.html

@@ -9,8 +9,10 @@
 {% block content %}
 <h1>{% if current_secret %}Update{% else %}Add{% endif %} secret: {{ secret_name }}</h1>
 
-{% if secret_details and secret_details.description_html %}
-  <p>{{ secret_details.description_html|safe }}</p>
+{% if secret_details.description or secret_details.obtain_label %}
+  <p>{{ secret_details.description or "" }}{% if secret_details.description and secret_details.obtain_label %}. {% endif %}
+  {% if secret_details.obtain_label %}<a href="{{ secret_details.obtain_url }}">{{ secret_details.obtain_label }}</a>{% endif %}
+  </p>
 {% endif %}
 
 {% if error %}

{datasette_secrets-0.1a1 → datasette_secrets-0.1a3}/datasette_secrets.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: datasette-secrets
-Version: 0.1a1
+Version: 0.1a3
 Summary: Manage secrets such as API keys for use with other Datasette plugins
 Author: Datasette
 License: Apache-2.0
@@ -105,6 +105,8 @@ datasette data.db --internal internal.db \
 
 users with the `manage-secrets` permission will see a new "Manage secrets" link in the Datasette navigation menu. This interface can also be accessed at `/-/secrets`.
 
+The page with the list of secrets will show the user who last updated each secret. This will use the [actors_from_ids()](https://docs.datasette.io/en/latest/plugin_hooks.html#actors-from-ids-datasette-actor-ids) mechanism, displaying the actor's `username` if available, otherwise the `name`, otherwise the `id`.
+
 ## For plugin authors
 
 Plugins can depend on this plugin if they want to implement secrets.
@@ -121,11 +123,24 @@ from datasette_secrets import Secret
 def register_secrets():
     return [
         Secret(
-            "OPENAI_API_KEY",
-            'An OpenAI API key. Get them from <a href="https://platform.openai.com/api-keys">here</a>.',
+            name="OPENAI_API_KEY",
+            description="An OpenAI API key"
+        ),
+    ]
+```
+You can also provide optional `obtain_url` and `obtain_label` fields to link to a page where a user can obtain an API key:
+```python
+@hookimpl
+def register_secrets():
+    return [
+        Secret(
+            name="OPENAI_API_KEY",
+            obtain_url="https://platform.openai.com/api-keys",
+            obtain_label="Get an OpenAI API key"
         ),
     ]
 ```
+
 The hook can take an optional `datasette` argument. It can return a list or an `async def` function that, when awaited, returns a list.
 
 The list should consist of `Secret()` instances, each with a name and an optional description. The description can contain HTML.

{datasette_secrets-0.1a1 → datasette_secrets-0.1a3}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "datasette-secrets"
-version = "0.1a1"
+version = "0.1a3"
 description = "Manage secrets such as API keys for use with other Datasette plugins"
 readme = "README.md"
 authors = [{name = "Datasette"}]

{datasette_secrets-0.1a1 → datasette_secrets-0.1a3}/tests/test_secrets.py

@@ -1,8 +1,10 @@
 from click.testing import CliRunner
 from cryptography.fernet import Fernet
+from datasette import hookimpl
 from datasette.app import Datasette
 from datasette.cli import cli
-from datasette_secrets import get_secret
+from datasette.plugins import pm
+from datasette_secrets import get_secret, Secret, startup
 import pytest
 from unittest.mock import ANY
 
@@ -21,6 +23,69 @@ def test_generate_command():
     assert key.decrypt(key.encrypt(message)) == message
 
 
+@pytest.fixture
+def use_actors_plugin():
+    class ActorPlugin:
+        __name__ = "ActorPlugin"
+
+        @hookimpl
+        def actors_from_ids(self, actor_ids):
+            return {
+                id: {
+                    "id": id,
+                    "username": id.upper(),
+                }
+                for id in actor_ids
+            }
+
+    pm.register(ActorPlugin(), name="ActorPlugin")
+    yield
+    pm.unregister(name="ActorPlugin")
+
+
+@pytest.fixture
+def register_multiple_secrets():
+    class SecretOnePlugin:
+        __name__ = "SecretOnePlugin"
+
+        @hookimpl
+        def register_secrets(self):
+            return [
+                Secret(
+                    name="OPENAI_API_KEY",
+                    obtain_url="https://platform.openai.com/api-keys",
+                    obtain_label="Get an OpenAI API key",
+                ),
+                Secret(
+                    name="ANTHROPIC_API_KEY", description="A key for Anthropic's API"
+                ),
+            ]
+
+    class SecretTwoPlugin:
+        __name__ = "SecretTwoPlugin"
+
+        @hookimpl
+        def register_secrets(self):
+            return [
+                Secret(
+                    name="OPENAI_API_KEY",
+                    description="Just a description but should be ignored",
+                ),
+                Secret(
+                    name="OPENCAGE_API_KEY",
+                    description="The OpenCage Geocoder",
+                    obtain_url="https://opencagedata.com/dashboard",
+                    obtain_label="Get an OpenCage API key",
+                ),
+            ]
+
+    pm.register(SecretTwoPlugin(), name="SecretTwoPlugin")
+    pm.register(SecretOnePlugin(), name="SecretOnePlugin")
+    yield
+    pm.unregister(name="SecretOnePlugin")
+    pm.unregister(name="SecretTwoPlugin")
+
+
 @pytest.fixture
 def ds():
     return Datasette(
@@ -65,7 +130,7 @@ async def test_permissions(ds, path, verb, data, user):
 
 
 @pytest.mark.asyncio
-async def test_set_secret(ds):
+async def test_set_secret(ds, use_actors_plugin):
     cookies = {"ds_actor": ds.client.actor_cookie({"id": "admin"})}
     get_response = await ds.client.get("/-/secrets/EXAMPLE_SECRET", cookies=cookies)
     csrftoken = get_response.cookies["ds_csrftoken"]
@@ -104,6 +169,13 @@ async def test_set_secret(ds):
     decrypted = key.decrypt(encrypted)
     assert decrypted == b"new-secret-value"
 
+    # Check that the listing is as expected, including showing the actor username
+    response = await ds.client.get("/-/secrets", cookies=cookies)
+    assert response.status_code == 200
+    assert "EXAMPLE_SECRET" in response.text
+    assert "new-note" in response.text
+    assert "<td>ADMIN</td>" in response.text
+
     # Now let's edit it
     post_response2 = await ds.client.post(
         "/-/secrets/EXAMPLE_SECRET",
@@ -187,3 +259,52 @@ async def test_get_secret(ds, monkeypatch):
     monkeypatch.setenv("DATASETTE_SECRETS_EXAMPLE_SECRET", "from env")
 
     assert await get_secret(ds, "EXAMPLE_SECRET") == "from env"
+
+    # And check that it's shown that way on the /-/secrets page
+    response = await ds.client.get("/-/secrets", cookies=cookies)
+    assert response.status_code == 200
+    expected_html = """
+    <li><strong>EXAMPLE_SECRET</a></strong> - An example secret<br>
+      <span style="font-size: 0.8 em">Set by <code>DATASETTE_SECRETS_EXAMPLE_SECRET</code></span></li>
+    """
+    assert remove_whitespace(expected_html) in remove_whitespace(response.text)
+
+    # Finally it should still work even if the datasette_secrets table is missing
+    await db.execute_write("drop table datasette_secrets")
+    monkeypatch.delenv("DATASETTE_SECRETS_EXAMPLE_SECRET")
+    assert await get_secret(ds, "EXAMPLE_SECRET") is None
+
+
+@pytest.mark.asyncio
+async def test_secret_index_page(ds, register_multiple_secrets):
+    response = await ds.client.get(
+        "/-/secrets",
+        cookies={
+            "ds_actor": ds.client.actor_cookie({"id": "admin"}),
+        },
+    )
+    assert response.status_code == 200
+    expected_html = """
+    <p style="margin-top: 2em">The following secrets have not been set:</p>
+    <ul>
+        <li><strong><a href="/-/secrets/OPENAI_API_KEY">OPENAI_API_KEY</a></strong>
+        -
+        <a href="https://platform.openai.com/api-keys">Get an OpenAI API key</a>
+        </li>
+        <li><strong><a href="/-/secrets/ANTHROPIC_API_KEY">ANTHROPIC_API_KEY</a></strong>
+        - A key for Anthropic&#39;s API
+        </li>
+        <li><strong><a href="/-/secrets/OPENCAGE_API_KEY">OPENCAGE_API_KEY</a></strong>
+        - The OpenCage Geocoder,
+        <a href="https://opencagedata.com/dashboard">Get an OpenCage API key</a>
+        </li>
+        <li><strong><a href="/-/secrets/EXAMPLE_SECRET">EXAMPLE_SECRET</a></strong>
+        - An example secret
+        </li>
+    </ul>
+    """
+    assert remove_whitespace(expected_html) in remove_whitespace(response.text)
+
+
+def remove_whitespace(s):
+    return " ".join(s.split())