Browse Source

Read secrets from libsecret instead of config file

Jakub Valenta 4 months ago
parent
commit
193cff8910
3 changed files with 32 additions and 6 deletions
  1. 10 3
      account_statement/account_statement.py
  2. 6 3
      account_statement/common.py
  3. 16 0
      account_statement/secrets.py

+ 10 - 3
account_statement/account_statement.py

@@ -8,7 +8,8 @@ from typing import Any, Callable, Dict, Iterable, Iterator, List, Sequence
 import listio
 import yaml
 
-from .common import Transaction, TransactionJSONEncoder
+from account_statement.common import Transaction, TransactionJSONEncoder
+from account_statement.secrets import lookup_secret
 
 Secrets = List[Dict[str, Any]]
 
@@ -76,7 +77,10 @@ def read_transactions(secrets: Secrets,
         date_from = config['date_from']
         date_to = config.get('date_to')
         if backend == 'fio':
-            token = config['token']
+            token = lookup_secret(
+                config['token_key'],
+                config['token_val']
+            )
             from .backends import fio
             yield from fio.read_account_statement(
                 token,
@@ -86,7 +90,10 @@ def read_transactions(secrets: Secrets,
         elif backend == 'hbci':
             from .backends import hbci
             account_no = str(config['account_no'])
-            password = config['password']
+            password = lookup_secret(
+                config['password_key'],
+                config['password_val']
+            )
             currency = config['currency']
             yield from hbci.read_account_statement(
                 account_no,

+ 6 - 3
account_statement/common.py

@@ -40,7 +40,8 @@ def _format_cache_key(date_from: datetime.date, date_to: datetime.date) -> str:
         date_to=date_to.strftime('%y%m%d'))
 
 
-def read_cached_data(path_cache_dir: str, date_from: datetime.date,
+def read_cached_data(path_cache_dir: str,
+                     date_from: datetime.date,
                      date_to: datetime.date) -> Optional[str]:
     cache_key = _format_cache_key(date_from, date_to)
     path_cache_file = os.path.join(path_cache_dir, cache_key)
@@ -51,8 +52,10 @@ def read_cached_data(path_cache_dir: str, date_from: datetime.date,
     return None
 
 
-def write_data_to_cache(path_cache_dir: str, date_from: datetime.date,
-                        date_to: datetime.date, data: str):
+def write_data_to_cache(path_cache_dir: str,
+                        date_from: datetime.date,
+                        date_to: datetime.date,
+                        data: str):
     cache_key = _format_cache_key(date_from, date_to)
     path_cache_file = os.path.join(path_cache_dir, cache_key)
     os.makedirs(path_cache_dir, exist_ok=True)

+ 16 - 0
account_statement/secrets.py

@@ -0,0 +1,16 @@
+import subprocess
+
+
+def lookup_secret(key: str, val: str) -> str:
+    completed_process = subprocess.run(
+        [
+            'secret-tool',
+            'lookup',
+            key,
+            val,
+        ],
+        stdout=subprocess.PIPE,
+        check=True,
+        universal_newlines=True  # Don't use arg 'text' for Python 3.6 compat.
+    )
+    return completed_process.stdout