# Copyright (c) HashiCorp, Inc.# SPDX-License-Identifier: MPL-2.0"""Provides Grove secret storage using supported backends."""importabcimportloggingfromtypingimportListfromgrove.exceptionsimportAccessException,DataFormatExceptionfromgrove.modelsimportConnectorConfig,decode
[docs]classBaseSecret(abc.ABC):def__init__(self):"""Provides the basis for all Grove secret backends."""self.logger=logging.getLogger(__name__)
[docs]@abc.abstractmethoddefget(self,path:str)->str:"""Gets the secret with the given identifier from the given backend. :param path: The path to the credential to get. :return: The decoded plain-text credential for use by connectors. """pass
[docs]defload(self,configurations:List[ConnectorConfig])->List[ConnectorConfig]:"""Gets secrets from the backend, inserting them into configuration objects. This method should not be implemented by secrets handlers, as the operations should be identical between implementations (calls to get()). :param configurations: A list of ConnectorConfig objects from the configuration backend. :return: A list of ConnectorConfig objects with secrets included. """ready=[]forconfigurationinconfigurations:# Fetch the the real secret from the backend using the identifier from the# 'secrets' object - decoding it if required.try:forfield,identifierinconfiguration.secrets.items():self.logger.debug("Attempting to get query secret from backend",extra={"field":field,"identifier":identifier,"document":configuration.name,},)candidate=self.get(identifier)# Decode the value, if required.iffieldinconfiguration.encoding:candidate=decode(candidate,configuration.encoding[field])setattr(configuration,field,candidate)exceptDataFormatExceptionaserr:self.logger.error("Unable to decode secret for connector, skipping",extra={"document":configuration.name,"field":field,"exception":err,},)continueexcept(AccessException,IndexError)aserr:self.logger.error("Unable to get secret for connector, skipping",extra={"document":configuration.name,"field":field,"exception":err,},)continue# Some connectors may not have any secrets.ready.append(configuration)returnready