Re: [libvirt] [jenkins-ci PATCH 10/20] quayadmin: Read configuration from file
On Wed, Jul 17, 2019 at 01:53:59PM +0200, Andrea Bolognani wrote:
We don't want sensitive information such as the API token to
be stored into the script, both because it could lead to them
being leaked by mistake and because it makes it needlessly
complicated for users to take advantage of the tool.
We arguably don't want the token stored cleartext in a
config file either. How about making use of the system
keyring - there's a python module that looks to make
this fairly easy
https://pypi.org/project/keyring/
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/quayadmin | 25 +++++++++++++++++++++----
1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/guests/quayadmin b/guests/quayadmin
index 25128e5..4e60653 100755
--- a/guests/quayadmin
+++ b/guests/quayadmin
@@ -19,15 +19,32 @@
# with this program. If not, see <https://www.gnu.org/licenses/>;.
import argparse
+import configparser
+import os
import pprint
import requests
import sys
def get_config():
- config = {
- "baseurl": "https://quay.io/api/v1",
- "token": "xxx",
- }
+ try:
+ path = os.environ["XDG_CONFIG_HOME"]
+ except KeyError:
+ path = os.path.join(os.environ["HOME"], ".config")
+ path = os.path.join(os.path.join(path, "quayadmin"),
"config.ini")
+
+ try:
+ parser = configparser.ConfigParser()
+ parser.read_file(open(path))
+ except Exception as ex:
+ raise Exception("Cannot load config: {}".format(ex))
+
+ try:
+ config = {
+ "baseurl": "https://quay.io/api/v1",
+ "token": parser["DEFAULT"]["token"],
+ }
+ except KeyError:
+ raise Exception("Token not found in {}".format(path))
return config
--
2.21.0
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|