-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcredential_loaders.py
52 lines (42 loc) · 1.8 KB
/
credential_loaders.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
"""Simple interface for loading sensitive credentials. Intended to easily shim in other key management systems."""
import abc
import os
class CredentialLoader(abc.ABC):
@abc.abstractmethod
def load_credentials(self) -> str:
"""Loads credentials per the child implementation (e.g. environment variable, local file, GCP-KMS...)"""
pass
class EnvVarCredentialLoader(CredentialLoader):
def __init__(self, env_var_name):
"""
CredentialLoader that loads credential from environment variable.
Args:
env_var_name: Name of environment variable to load (e.g. 'MY_SECRET_PW')
"""
super().__init__()
self.env_var_name = env_var_name
def load_credentials(self) -> str:
if self.env_var_name not in os.environ:
raise ValueError(f"{self.__class__.__name__} expected env var {self.env_var_name} to be set")
return os.environ[self.env_var_name]
class PlaintextCredentialLoader(CredentialLoader):
def __init__(self, fpath):
"""
CredentialLoader that reads credentials from disk in plaintext.
Not secure. Designed for prototyping, not production.
Args:
fpath: full path to credentials on disk
"""
super().__init__()
self.fpath = fpath
def load_credentials(self) -> str:
if not os.path.exists(self.fpath):
raise FileNotFoundError(f"Cannot find credentials file {self.fpath}")
with open(self.fpath, "r") as fh:
lines = fh.readlines()
if len(lines) != 1:
raise NotImplementedError(
f"Not sure how to interpret multiline credential file {self.fpath} " f"({len(lines)} lines)."
)
credentials = lines[0].rstrip("\n")
return credentials