shopcloud_secrethub 2.19.0__tar.gz

shopcloud_secrethub-2.19.0/LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Talk-Point GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

shopcloud_secrethub-2.19.0/PKG-INFO

@@ -0,0 +1,104 @@
+Metadata-Version: 2.4
+Name: shopcloud_secrethub
+Version: 2.19.0
+Summary: CLI tool for the Shopcloud SecretHub
+Author-email: Konstantin Stoldt <konstantin.stoldt@talk-point.de>
+License: MIT
+Project-URL: Homepage, https://github.com/Talk-Point/shopcloud-secrethub-cli
+Keywords: CLI
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE.txt
+Requires-Dist: requests>=2.28
+Dynamic: license-file
+
+# Shopcloud SecretHub CLI
+
+The SecretHub CLI provides the command-line interface to interact with the SecretHub API.
+
+## install
+
+```sh
+pip install shopcloud_secrethub
+```
+
+Or with uv:
+
+```sh
+uv add shopcloud_secrethub
+```
+
+### Usage
+
+
+__Reading and writing secrets:__
+
+```sh
+$ secrethub auth
+$ secrethub read <secret-name>
+$ secrethub write <secret-name> <value>
+```
+
+
+__Provisioning your applications with secrets:__
+
+Provision a template file
+
+```sh
+$ secrethub inject -i app.temp.yaml -o app.yaml
+
+# app.temp.yaml
+env_variables:
+  ENV: {{ talk-point/test-repo/env }}
+  SECRET_KEY: {{ talk-point/test-repo/secret_key }}
+
+```
+
+Provision to the environment
+
+```sh
+$ eval `secrethub printenv -i app.temp.yaml`
+
+# app.temp.yaml
+env_variables:
+  ENV: {{ talk-point/test-repo/env }}
+  SECRET_KEY: {{ talk-point/test-repo/secret_key }}
+
+```
+
+__in Code:__
+
+```py
+from shopcloud_secrethub import SecretHub
+hub = SecretHub(user_app="test-script", api_token='<TOKEN>')
+hub.read('talk-point/test-repo/secret_key')
+```
+
+### Contributing
+
+Install uv if you don't have it:
+
+```sh
+curl -LsSf https://astral.sh/uv/install.sh | sh
+```
+
+Set up the project:
+
+```sh
+uv sync
+```
+
+Run tests:
+
+```sh
+uv run pytest
+```
+
+### Deploy to PyPI
+
+Deployment is handled automatically by CI when pushing to `master`. To build and publish manually:
+
+```sh
+uv build
+uv publish
+```

shopcloud_secrethub-2.19.0/README.md

@@ -0,0 +1,90 @@
+# Shopcloud SecretHub CLI
+
+The SecretHub CLI provides the command-line interface to interact with the SecretHub API.
+
+## install
+
+```sh
+pip install shopcloud_secrethub
+```
+
+Or with uv:
+
+```sh
+uv add shopcloud_secrethub
+```
+
+### Usage
+
+
+__Reading and writing secrets:__
+
+```sh
+$ secrethub auth
+$ secrethub read <secret-name>
+$ secrethub write <secret-name> <value>
+```
+
+
+__Provisioning your applications with secrets:__
+
+Provision a template file
+
+```sh
+$ secrethub inject -i app.temp.yaml -o app.yaml
+
+# app.temp.yaml
+env_variables:
+  ENV: {{ talk-point/test-repo/env }}
+  SECRET_KEY: {{ talk-point/test-repo/secret_key }}
+
+```
+
+Provision to the environment
+
+```sh
+$ eval `secrethub printenv -i app.temp.yaml`
+
+# app.temp.yaml
+env_variables:
+  ENV: {{ talk-point/test-repo/env }}
+  SECRET_KEY: {{ talk-point/test-repo/secret_key }}
+
+```
+
+__in Code:__
+
+```py
+from shopcloud_secrethub import SecretHub
+hub = SecretHub(user_app="test-script", api_token='<TOKEN>')
+hub.read('talk-point/test-repo/secret_key')
+```
+
+### Contributing
+
+Install uv if you don't have it:
+
+```sh
+curl -LsSf https://astral.sh/uv/install.sh | sh
+```
+
+Set up the project:
+
+```sh
+uv sync
+```
+
+Run tests:
+
+```sh
+uv run pytest
+```
+
+### Deploy to PyPI
+
+Deployment is handled automatically by CI when pushing to `master`. To build and publish manually:
+
+```sh
+uv build
+uv publish
+```

shopcloud_secrethub-2.19.0/pyproject.toml

@@ -0,0 +1,40 @@
+[build-system]
+requires = ["setuptools>=61"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "shopcloud_secrethub"
+version = "2.19.0"
+description = "CLI tool for the Shopcloud SecretHub"
+readme = "README.md"
+license = { text = "MIT" }
+authors = [{ name = "Konstantin Stoldt", email = "konstantin.stoldt@talk-point.de" }]
+keywords = ["CLI"]
+requires-python = ">=3.11"
+dependencies = ["requests>=2.28"]
+
+[project.urls]
+Homepage = "https://github.com/Talk-Point/shopcloud-secrethub-cli"
+
+[project.scripts]
+secrethub = "shopcloud_secrethub.__main__:main"
+
+[dependency-groups]
+dev = ["pytest>=8"]
+
+[tool.ruff]
+select = [
+    "E",  # pycodestyle errors
+    "W",  # pycodestyle warnings
+    "F",  # pyflakes
+    "I",  # isort
+    "UP", # pyupgrade
+    "C",  # flake8-comprehensions
+    "B",  # flake8-bugbear
+]
+ignore = [
+    "E501",  # line too long
+    "B008",  # do not perform function calls in argument defaults
+    "F401",
+    "C901",  # too complex
+]

shopcloud_secrethub-2.19.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

shopcloud_secrethub-2.19.0/shopcloud_secrethub/__init__.py

@@ -0,0 +1 @@
+from .app import *  # noqa: F403

shopcloud_secrethub-2.19.0/shopcloud_secrethub/__main__.py

@@ -0,0 +1,54 @@
+import argparse
+import sys
+
+from . import cli
+
+
+def main():
+    parser = argparse.ArgumentParser(
+        description='SecretHub',
+        prog='shopcloud-secrethub'
+    )
+
+    subparsers = parser.add_subparsers(help='commands', title='commands')
+
+    parser_auth = subparsers.add_parser('auth', help='generate auth file')
+    parser_auth.set_defaults(which='auth')
+
+    parser_auth = subparsers.add_parser('token-refresh', help='generate new token')
+    parser_auth.set_defaults(which='token-refresh')
+
+    parser_read = subparsers.add_parser('read', help='read a secret')
+    parser_read.add_argument('name', type=str, help='secret name')
+    parser_read.add_argument('--output', '-o', help='Output Format', choices=['text', 'json', 'raw'])
+    parser_read.set_defaults(which='read')
+
+    parser_write = subparsers.add_parser('write', help='write a secret')
+    parser_write.add_argument('name', type=str, help='secret name')
+    parser_write.add_argument('value', type=str, help='secret value', nargs='?')
+    parser_write.add_argument(
+        '--in-file',
+        '-i',
+        nargs='?',
+        help='Use the contents of this file as the value of the secret.'
+    )
+    parser_write.set_defaults(which='write')
+
+    parser_inject = subparsers.add_parser('inject', help='inject the secrets')
+    parser_inject.add_argument('-i', required=True)
+    parser_inject.add_argument('-o', required=True)
+    parser_inject.set_defaults(which='inject')
+
+    parser_printenv = subparsers.add_parser('printenv', help='print as env export')
+    parser_printenv.add_argument('-i', required=True)
+    parser_printenv.set_defaults(which='printenv')
+
+    args = parser.parse_args()
+    if len(sys.argv) == 1:
+        parser.print_help(sys.stderr)
+        sys.exit(1)
+    cli.main(args)
+
+
+if __name__ == '__main__':
+    main()

shopcloud_secrethub-2.19.0/shopcloud_secrethub/app.py

@@ -0,0 +1,145 @@
+import configparser
+import os
+from typing import List
+
+import requests
+
+from . import exceptions
+
+
+class ConfigFile:
+    def __init__(self, path, **kwargs):
+        self.path = path
+        self._token = kwargs.get('api_token')
+
+        if self._token is None:
+            self._load_from_env()
+            if self._token is None:
+                self._load_from_config()
+
+    def _load_from_env(self):
+        token = os.environ.get('SECRETHUB_TOKEN')
+        if token is not None:
+            self._token = token
+
+    def _load_from_config(self):
+        config = configparser.ConfigParser()
+        config.read(self.path)
+        if 'default' not in config:
+            raise Exception(f'Error loading file {self.path} use auth to generate')
+
+        self._token = config['default']['token']
+
+    @property
+    def token(self) -> str:
+        if self._token is None:
+            raise Exception('No Auth Token exists')
+        return self._token
+
+    @staticmethod
+    def generate(path: str, token: str):
+        config = configparser.ConfigParser()
+        config.add_section('default')
+        config['default']['token'] = token
+
+        with open(path, 'w') as configfile:
+            config.write(configfile)
+
+
+class App:
+    def __init__(self, path, **kwargs):
+        self.config = ConfigFile(path, api_token=kwargs.get('api_token'))
+        self.endpoint = kwargs.get('endpoint', 'shopcloud-secrethub.ey.r.appspot.com')
+
+    def read(self, secretname, **kwargs) -> List:
+        headers = {
+            'Authorization': self.config.token.strip(),
+            'User-Agent': kwargs.get('user_agent', 'secrethub-cli'),
+            'User-App': kwargs.get('user_app')
+        }
+        response = requests.get(
+            f'https://{self.endpoint}/hub/api/secrets/',
+            headers=headers,
+            params={
+                'q': secretname,
+            }
+        )
+        if not (200 <= response.status_code <= 299):
+            if response.status_code == 403:
+                raise exceptions.APIAuthError()
+            raise exceptions.APIError()
+
+        return response.json().get('results', [])
+
+    def write(self, secretname, value, **kwargs):
+        headers = {
+            'Authorization': self.config.token,
+            'User-Agent': kwargs.get('user_agent', 'secrethub-cli'),
+            'User-App': kwargs.get('user_app')
+        }
+        response = requests.post(
+            f'https://{self.endpoint}/hub/api/secrets/write/',
+            headers=headers,
+            json={
+                'name': secretname,
+                'value': value
+            }
+        )
+
+        if not (200 <= response.status_code <= 299):
+            if response.status_code == 404:
+                raise exceptions.APIAuthError()
+            raise exceptions.APIError()
+
+        return response.json()
+
+    def token_refresh(self, **kwargs) -> str:
+        headers = {
+            'Authorization': self.config.token,
+            'User-Agent': kwargs.get('user_agent', 'secrethub-cli'),
+            'User-App': kwargs.get('user_app')
+        }
+        response = requests.post(
+            f'https://{self.endpoint}/hub/api/tokens/refresh/',
+            headers=headers,
+            json={}
+        )
+
+        if not (200 <= response.status_code <= 299):
+            if response.status_code == 403:
+                raise exceptions.APIAuthError()
+            raise exceptions.APIError()
+
+        return response.json().get('token', {}).get('value')
+
+
+class SecretHub:
+    def __init__(self, **kwargs):
+        path = os.path.expanduser('~/.secrethub')
+        self.app = App(path, api_token=kwargs.get('api_token'))
+        self.secrets = {}
+        self.user_app = kwargs.get('user_app')
+
+    def read(self, secretname: str):
+        secret = self.secrets.get(secretname)
+        if secret is not None:
+            return secret.get('value')
+
+        secrets = self.app.read(
+            secretname,
+            user_agent='secrethub-code',
+            user_app=self.user_app
+        )
+        if len(secrets) == 0:
+            raise Exception(f'can not access secret `{secretname}`')
+        secret = secrets[0]
+        self.secrets[secret.get('name')] = secret
+        return secrets[0].get('value')
+
+    def write(self, secretname: str, value: str):
+        return self.app.write(
+            secretname,
+            value,
+            user_agent='secrethub-code',
+            user_app=self.user_app
+        )

shopcloud_secrethub-2.19.0/shopcloud_secrethub/cli.py

@@ -0,0 +1,121 @@
+import getpass
+import json
+import os
+import pwd
+import re
+
+from . import exceptions
+from .app import App, ConfigFile
+
+
+def get_username():
+    try:
+        return pwd.getpwuid( os.getuid())[0]
+    except Exception:
+        return None
+
+
+def main(args):
+    path = os.path.expanduser('~/.secrethub')
+    username = get_username()
+    command = args.which
+
+    if command == 'auth':
+        token = getpass.getpass('Token:')
+        ConfigFile.generate(path, token)
+    elif command == 'token-refresh':
+        app = App(path)
+        new_token = app.token_refresh()
+        ConfigFile.generate(path, new_token)
+    elif command == 'read':
+        app = App(path)
+        try:
+            secrets = app.read(args.name, user_app=username)
+        except exceptions.APIAuthError:
+            print('Authentication Error - Token invalid')
+            exit(1)
+        except exceptions.APIError:
+            print('API Error')
+            exit(1)
+        except Exception as e:
+            print(f'Error {e}')
+            exit(1)
+        if len(secrets) == 0:
+            raise Exception(f'can not access secret `{args.name}`')
+        if args.output is None:
+            for secret in secrets:
+                value = secret.get('value').encode('unicode_escape').decode('utf-8')
+                print(f"{secret.get('name')}={value}")
+        elif args.output == 'raw':
+            for secret in secrets:
+                value = secret.get('value').encode('unicode_escape').decode('utf-8')
+                print(value.replace('\\n', "\n"))
+        elif args.output == 'json':
+            for secret in secrets:
+                print(json.dumps(secret))
+    elif command == 'write':
+        app = App(path)
+
+        if args.in_file is not None:
+            with open(args.in_file) as f:
+                s = f.read()
+                try:
+                    app.write(args.name, s, user_app=username)
+                except exceptions.APIAuthError:
+                    print('Authentication Error - Token invalid')
+                    exit(1)
+                except exceptions.APIError:
+                    print('API Error')
+                    exit(1)
+                except Exception as e:
+                    print(f'Error {e}')
+                    exit(1)
+        else:
+            if args.value is None:
+                raise Exception("value must set")
+            try:
+                app.write(args.name, args.value, user_app=username)
+            except exceptions.APIAuthError:
+                print('Authentication Error - Token invalid')
+                exit(1)
+            except exceptions.APIError:
+                print('API Error')
+                exit(1)
+            except Exception as e:
+                print(f'Error {e}')
+                exit(1)
+    elif command == 'inject' or command == 'printenv':
+        app = App(path)
+
+        with open(args.i) as f:
+            template = f.read()
+
+        def extract(x):
+            name = x.replace("{{", '').replace('}}', '').strip()
+            try:
+                secrets = app.read(name, user_app=username)
+            except exceptions.APIAuthError:
+                print('Authentication Error - Token invalid')
+                exit(1)
+            except exceptions.APIError:
+                print('API Error')
+                exit(1)
+            except Exception as e:
+                print(f'Error {e}')
+                exit(1)
+            if len(secrets) == 0:
+                raise AttributeError(f"Secret not found {name}")
+            key_s = "/".join(name.split('/')[-1:]).upper().replace('/', '_').replace('-', '_')
+            return (x, key_s, secrets[0].get('value'))
+
+        variables = [extract(x) for x in re.findall('{{.*}}', template)]
+
+        if command == 'printenv':
+            for _, key, value in variables:
+                value = value.replace('$', r'\$')
+                print(f"export {key}=\"{value}\"")
+        else:
+            for key, _, value in variables:
+                template = template.replace(key, f"\"{value}\"")
+            with open(args.o, 'w') as writer:
+                writer.write(template)

shopcloud_secrethub-2.19.0/shopcloud_secrethub/exceptions.py

@@ -0,0 +1,6 @@
+class APIAuthError(Exception):
+    pass
+
+
+class APIError(Exception):
+    pass

shopcloud_secrethub-2.19.0/shopcloud_secrethub/test_cli.py

@@ -0,0 +1,6 @@
+def inc(x):
+    return x + 1
+
+
+def test_answer():
+    assert inc(3) == 4

shopcloud_secrethub-2.19.0/shopcloud_secrethub.egg-info/PKG-INFO

@@ -0,0 +1,104 @@
+Metadata-Version: 2.4
+Name: shopcloud_secrethub
+Version: 2.19.0
+Summary: CLI tool for the Shopcloud SecretHub
+Author-email: Konstantin Stoldt <konstantin.stoldt@talk-point.de>
+License: MIT
+Project-URL: Homepage, https://github.com/Talk-Point/shopcloud-secrethub-cli
+Keywords: CLI
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE.txt
+Requires-Dist: requests>=2.28
+Dynamic: license-file
+
+# Shopcloud SecretHub CLI
+
+The SecretHub CLI provides the command-line interface to interact with the SecretHub API.
+
+## install
+
+```sh
+pip install shopcloud_secrethub
+```
+
+Or with uv:
+
+```sh
+uv add shopcloud_secrethub
+```
+
+### Usage
+
+
+__Reading and writing secrets:__
+
+```sh
+$ secrethub auth
+$ secrethub read <secret-name>
+$ secrethub write <secret-name> <value>
+```
+
+
+__Provisioning your applications with secrets:__
+
+Provision a template file
+
+```sh
+$ secrethub inject -i app.temp.yaml -o app.yaml
+
+# app.temp.yaml
+env_variables:
+  ENV: {{ talk-point/test-repo/env }}
+  SECRET_KEY: {{ talk-point/test-repo/secret_key }}
+
+```
+
+Provision to the environment
+
+```sh
+$ eval `secrethub printenv -i app.temp.yaml`
+
+# app.temp.yaml
+env_variables:
+  ENV: {{ talk-point/test-repo/env }}
+  SECRET_KEY: {{ talk-point/test-repo/secret_key }}
+
+```
+
+__in Code:__
+
+```py
+from shopcloud_secrethub import SecretHub
+hub = SecretHub(user_app="test-script", api_token='<TOKEN>')
+hub.read('talk-point/test-repo/secret_key')
+```
+
+### Contributing
+
+Install uv if you don't have it:
+
+```sh
+curl -LsSf https://astral.sh/uv/install.sh | sh
+```
+
+Set up the project:
+
+```sh
+uv sync
+```
+
+Run tests:
+
+```sh
+uv run pytest
+```
+
+### Deploy to PyPI
+
+Deployment is handled automatically by CI when pushing to `master`. To build and publish manually:
+
+```sh
+uv build
+uv publish
+```

shopcloud_secrethub-2.19.0/shopcloud_secrethub.egg-info/SOURCES.txt

@@ -0,0 +1,15 @@
+LICENSE.txt
+README.md
+pyproject.toml
+shopcloud_secrethub/__init__.py
+shopcloud_secrethub/__main__.py
+shopcloud_secrethub/app.py
+shopcloud_secrethub/cli.py
+shopcloud_secrethub/exceptions.py
+shopcloud_secrethub/test_cli.py
+shopcloud_secrethub.egg-info/PKG-INFO
+shopcloud_secrethub.egg-info/SOURCES.txt
+shopcloud_secrethub.egg-info/dependency_links.txt
+shopcloud_secrethub.egg-info/entry_points.txt
+shopcloud_secrethub.egg-info/requires.txt
+shopcloud_secrethub.egg-info/top_level.txt

shopcloud_secrethub-2.19.0/shopcloud_secrethub.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

shopcloud_secrethub-2.19.0/shopcloud_secrethub.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+secrethub = shopcloud_secrethub.__main__:main

shopcloud_secrethub-2.19.0/shopcloud_secrethub.egg-info/requires.txt

@@ -0,0 +1 @@
+requests>=2.28

shopcloud_secrethub-2.19.0/shopcloud_secrethub.egg-info/top_level.txt

@@ -0,0 +1 @@
+shopcloud_secrethub