Add keys to environment variable

kiwicom · Jan 14, 2020 · 59685c9 · 59685c9
1 parent 4ce5c2d
commit 59685c9
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 14 deletions.
diff --git a/docs/changelog.rst b/docs/changelog.rst
@@ -6,6 +6,10 @@ Changelog
 `Unreleased`_
 -------------
 
+Added
+~~~~~
+- Add keys to environment variable name before search in Vault.
+
 Fixed
 ~~~~~
 - Change Flask KonfigProxy to behave like Flask config.

diff --git a/src/konfetti/vault/core.py b/src/konfetti/vault/core.py
@@ -61,24 +61,31 @@ def evaluate(self, backend, closure):
 
     def _try_load_from_env(self, backend):
         # type: (VaultBackend) -> Any
-        value = EnvVariable(self.override_variable_name, cast=self.cast).evaluate()
+        try:
+            value = self._try_load_dict_from_env()
+        except exceptions.MissingError:
+            value = EnvVariable(self.override_variable_name(add_keys=True), cast=self.cast).evaluate()
+
+        if backend.is_async:
+            from .._async import make_simple_coro  # pylint: disable=import-outside-toplevel
+
+            value = make_simple_coro(value)
+        return value
+
+    def _try_load_dict_from_env(self):
+        value = EnvVariable(self.override_variable_name(), cast=self.cast).evaluate()
         try:
             value = json.loads(value)
         except (ValueError, TypeError):
             pass
         if not isinstance(value, dict):
             raise exceptions.InvalidSecretOverrideError(
                 "`{}` variable should be a JSON-encoded dictionary, got: `{}`".format(
-                    self.override_variable_name, value
+                    self.override_variable_name(), value
                 )
             )
         for key in self.keys:
             value = value[key]
-
-        if backend.is_async:
-            from .._async import make_simple_coro  # pylint: disable=import-outside-toplevel
-
-            value = make_simple_coro(value)
         return value
 
     def _load_credentials(self, closure):
@@ -141,9 +148,8 @@ def disabled(self):
         # Move to some global config or we need to modify in runtime?
         return EnvVariable(SECRETS_DISABLED_VARIABLE, default=False, cast=bool).evaluate()
 
-    @property
-    def override_variable_name(self):
-        # type: () -> str
+    def override_variable_name(self, add_keys=False):
+        # type: (bool) -> str
         """Convert path to a name of environment variable that will be checked for overriding.
 
         If some key in that secret is going to be overridden then its name is concatenated
@@ -152,7 +158,10 @@ def override_variable_name(self):
         Example:
             config.vault("path/to") -> "PATH__TO"
         """
-        return self.path.strip("/").replace("/", SEPARATOR).upper()
+        path = self.path.strip("/")
+        if add_keys:
+            path = "/".join([path] + self.keys)
+        return path.replace("/", SEPARATOR).upper()
 
     @property
     def override_example(self):
@@ -168,4 +177,4 @@ def override_example(self):
             value = json.dumps(example)
         else:
             value = "{}"
-        return {self.override_variable_name: value}
+        return {self.override_variable_name(): value}
diff --git a/test/test_vault.py b/test/test_vault.py
@@ -102,12 +102,19 @@ def test_get_secret_without_vault_credentials(config, monkeypatch, variables):
         config.get_secret("/path/to")
 
 
-@pytest.mark.parametrize("path, keys, expected", (("/path/to/", ["SECRET"], "PATH__TO"), ("path/to", [], "PATH__TO")))
+@pytest.mark.parametrize(
+    "path, keys, expected",
+    (
+        ("/path/to/", ["SECRET"], {"no_keys": "PATH__TO", "keys": "PATH__TO__SECRET"}),
+        ("path/to", [], {"no_keys": "PATH__TO", "keys": "PATH__TO"}),
+    ),
+)
 def test_override_variable_name(path, keys, expected):
     variable = VaultVariable(path)
     for key in keys:
         variable = variable[key]
-    assert variable.override_variable_name == expected
+    assert variable.override_variable_name() == expected["no_keys"]
+    assert variable.override_variable_name(add_keys=True) == expected["keys"]
 
 
 def test_path_not_string():
@@ -141,8 +148,10 @@ def test_override_secret(config, monkeypatch):
 
 def test_override_config_secret(config, monkeypatch):
     monkeypatch.setenv("PATH__TO", '{"SECRET": "bar"}')
+    monkeypatch.setenv("PATH__TO__NESTED__NESTED_SECRET__NESTED", "test")
     assert config.WHOLE_SECRET == {"SECRET": "bar"}
     assert config.SECRET == "bar"
+    assert config.NESTED_SECRET == "test"
 
 
 @pytest.mark.parametrize("data", ("[1, 2]", "[invalid]"))