-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Environment Variable Resolver #254
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…lso added all currently installed packages to the info dump (in comments) such that a minimal python env should be able to be re-constructed
Pull Request Test Coverage Report for Build 2333348687Warning: This coverage report may be inaccurate.This pull request's base commit is no longer the HEAD commit of its target branch. This means it includes changes from outside the original pull request, including, potentially, unrelated coverage changes.
Details
💛 - Coveralls |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This adds a resolver for environment variables thus allowing the definition of simple
spock
parameters with the following syntax:${spock.env:value, default}
-- this will read the value from an env variable and fall back on the default if given. Currently supports only simple python types: float, int, string, bool (there are no future plans to support complex types as value and type resolution would require significant effort)Additionally, this PR also implements the ability to annotate these resolvers. Currently implemented are
inject
andcrypto
.Inject
This will 'inject' the original env variable definition back into the saved
spock
state when writing to file. For instance, if a parameter is defined as with the inject annotation (by adding.inject
to the env annotation):DUMMY
will be read from the environment variable and set to its actual value within theSpockspace
, however when written to file instead of the read value being written, the original syntax will be written instead (thus still referencing the env variable and not fixing the value):Crypto
Sometimes these env variables or other given variables within a
spock
config might be sensitive information (i.e. a lot of cloud infra uses env variables that might contain passwords, internal DNS domains, etc.). Therefore, the crypto annotation (by adding.crypto
to a resolver) provides a simple way to hide these sensitive variables while still maintaining the written/loadable state of thespock
config by using thecryptography
package (via a salt and key) to 'encrypt' these sensitive values and prevent them from being stored in plaintext.For instance, here you can add the
.crypto
annotation to thespock.env
notation to indicate that this variable should be 'encrypted' when writing to file.Producing...
This will also dump a
*.spock.cfg.salt.yaml
*.spock.cfg.key.yaml
to file with the same UUID which can be used to 'decrypt' these values within python code.The
SpockBuilder
class now takeskey
andsalt
arguments which can be paths to the salt and key yaml files, direct values of the key (ByteString) and salt (string), or env resolvers to the salt and key (e.g. '${spock.env:SALT}') which will automatically 'decrypt' the values when building theSpockspace
Partial implementation of discussion in #243.
Bonus addition, saving the
spock
config with theextra_info
flag now dumps all the currently installed packages within a commented block at the end of the file.Checklist