[libvirt] [jenkins-ci PATCH 10/20] quayadmin: Read configuration from file

Andrea Bolognani posted 20 patches 6 years, 6 months ago
There is a newer version of this series
[libvirt] [jenkins-ci PATCH 10/20] quayadmin: Read configuration from file
Posted by Andrea Bolognani 6 years, 6 months ago
We don't want sensitive information such as the API token to
be stored into the script, both because it could lead to them
being leaked by mistake and because it makes it needlessly
complicated for users to take advantage of the tool.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 guests/quayadmin | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/guests/quayadmin b/guests/quayadmin
index 25128e5..4e60653 100755
--- a/guests/quayadmin
+++ b/guests/quayadmin
@@ -19,15 +19,32 @@
 # with this program. If not, see <https://www.gnu.org/licenses/>.
 
 import argparse
+import configparser
+import os
 import pprint
 import requests
 import sys
 
 def get_config():
-    config = {
-        "baseurl": "https://quay.io/api/v1",
-        "token": "xxx",
-    }
+    try:
+        path = os.environ["XDG_CONFIG_HOME"]
+    except KeyError:
+        path = os.path.join(os.environ["HOME"], ".config")
+    path = os.path.join(os.path.join(path, "quayadmin"), "config.ini")
+
+    try:
+        parser = configparser.ConfigParser()
+        parser.read_file(open(path))
+    except Exception as ex:
+        raise Exception("Cannot load config: {}".format(ex))
+
+    try:
+        config = {
+            "baseurl": "https://quay.io/api/v1",
+            "token": parser["DEFAULT"]["token"],
+        }
+    except KeyError:
+        raise Exception("Token not found in {}".format(path))
 
     return config
 
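Review bot: `parser.read_file(open(path))` in the second `try` never closes the file explicitly, and nothing checks who else can read the file that now holds the API token. Use `with open(path) as f: parser.read_file(f)`, and consider refusing to load, or at least warning, when `os.stat(path).st_mode` has group or other permission bits set, since the commit message is concerned with leaking the token by mistake. The expected layout (a `token` key under `[DEFAULT]`) is not documented anywhere in the hunk; a line in the script's help text or the "Token not found" message would save users a trip to the source.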
-- 
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [jenkins-ci PATCH 10/20] quayadmin: Read configuration from file
Posted by Daniel P. Berrangé 6 years, 6 months ago
On Wed, Jul 17, 2019 at 01:53:59PM +0200, Andrea Bolognani wrote:
> We don't want sensitive information such as the API token to
> be stored into the script, both because it could lead to them
> being leaked by mistake and because it makes it needlessly
> complicated for users to take advantage of the tool.

We arguably don't want the token stored cleartext in a
config file either. How about making use of the system
keyring - there's a python module that looks to make
this fairly easy

  https://pypi.org/project/keyring/


> 
> Signed-off-by: Andrea Bolognani <abologna@redhat.com>
> ---
>  guests/quayadmin | 25 +++++++++++++++++++++----
>  1 file changed, 21 insertions(+), 4 deletions(-)
> 
> diff --git a/guests/quayadmin b/guests/quayadmin
> index 25128e5..4e60653 100755
> --- a/guests/quayadmin
> +++ b/guests/quayadmin
> @@ -19,15 +19,32 @@
>  # with this program. If not, see <https://www.gnu.org/licenses/>.
>  
>  import argparse
> +import configparser
> +import os
>  import pprint
>  import requests
>  import sys
>  
>  def get_config():
> -    config = {
> -        "baseurl": "https://quay.io/api/v1",
> -        "token": "xxx",
> -    }
> +    try:
> +        path = os.environ["XDG_CONFIG_HOME"]
> +    except KeyError:
> +        path = os.path.join(os.environ["HOME"], ".config")
> +    path = os.path.join(os.path.join(path, "quayadmin"), "config.ini")
> +
> +    try:
> +        parser = configparser.ConfigParser()
> +        parser.read_file(open(path))
> +    except Exception as ex:
> +        raise Exception("Cannot load config: {}".format(ex))
> +
> +    try:
> +        config = {
> +            "baseurl": "https://quay.io/api/v1",
> +            "token": parser["DEFAULT"]["token"],
> +        }
> +    except KeyError:
> +        raise Exception("Token not found in {}".format(path))
>  
>      return config
>  
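Review bot: In the first `try`/`except`, the fallback `os.environ["HOME"]` runs inside the `except KeyError:` handler, so an environment with neither `XDG_CONFIG_HOME` nor `HOME` set fails with a raw KeyError instead of the "Cannot load config" message; `os.path.expanduser("~")` avoids that. An `XDG_CONFIG_HOME` that is set but empty is also used as-is, which makes the config path relative to the current directory. The `except Exception as ex` around the parse is broader than it needs to be; catching `OSError` and `configparser.Error` keeps unrelated bugs visible.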
> -- 
> 2.21.0
> 
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [libvirt] [jenkins-ci PATCH 10/20] quayadmin: Read configuration from file
Posted by Andrea Bolognani 6 years, 6 months ago
On Wed, 2019-07-17 at 13:03 +0100, Daniel P. Berrangé wrote:
> On Wed, Jul 17, 2019 at 01:53:59PM +0200, Andrea Bolognani wrote:
> > We don't want sensitive information such as the API token to
> > be stored into the script, both because it could lead to them
> > being leaked by mistake and because it makes it needlessly
> > complicated for users to take advantage of the tool.
> 
> We arguably don't want the token stored cleartext in a
> config file either. How about making use of the system
> keyring - there's a python module that looks to make
> this fairly easy
> 
>   https://pypi.org/project/keyring/

Sounds good as a follow-up improvement[1], but since clearly neither
of us has a ton of time to dedicate to this specific script I'd
rather merge the Good Enough™ solution for the time being instead of
blocking the whole thing on keyring integration.


[1] I wonder if I can manage to integrate it with my existing pass(1)
    setup? That'd be pretty neat!
-- 
Andrea Bolognani / Red Hat / Virtualization
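
The keyring-first lookup suggested in this thread, with the patch's config file kept as a fallback, as an added example that is not part of the thread or of the jenkins-ci repository. The keyring service and entry names, the helper function names and the refusal of group- or world-accessible files are assumptions.

```python
import configparser
import os
import stat

# Assumed keyring identifiers; the thread does not name any.
SERVICE = "quayadmin"
ENTRY = "token"


def config_path():
    """Same location as the patch: $XDG_CONFIG_HOME/quayadmin/config.ini."""
    base = os.environ.get("XDG_CONFIG_HOME") or os.path.join(
        os.path.expanduser("~"), ".config")
    return os.path.join(base, "quayadmin", "config.ini")


def token_from_keyring():
    """Return the token from the system keyring, or None if unavailable."""
    try:
        import keyring  # third-party: https://pypi.org/project/keyring/
        from keyring.errors import KeyringError
    except ImportError:
        return None
    try:
        return keyring.get_password(SERVICE, ENTRY)
    except (KeyringError, RuntimeError):  # e.g. no usable backend
        return None


def token_from_file(path):
    """Read [DEFAULT] token, refusing files accessible to group or others."""
    with open(path) as f:
        mode = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(
                "{} has mode {:o}, expected 600".format(path, mode))
        parser = configparser.ConfigParser()
        parser.read_file(f)
    try:
        return parser["DEFAULT"]["token"]
    except KeyError:
        raise KeyError("Token not found in {}".format(path)) from None


def get_config(path=None, keyring_lookup=token_from_keyring):
    """Prefer the keyring; fall back to the cleartext file from the patch."""
    token = keyring_lookup() or token_from_file(path or config_path())
    return {"baseurl": "https://quay.io/api/v1", "token": token}
```

With these assumed names, the entry can be created once with the keyring project's command-line tool: `keyring set quayadmin token`.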
