Add optional callback-style way to resolve secret values from config

[akaIDIOT]

Designed to let keyring.get_password drop into any load* function or Configuration instance, currently based on resolved a sing-magic-key mapping in to a secret value, resolved from the keys inside the mapping:

regular.configuration: 42
client:
  username: akaidiot
  password:
    $secret:
      service: github.com
      username: ${client.username}

config = load_name(..., secrets=keyring.get_password)
client = Client(**config.client)

• badly needs tests
• draft, subject to change

[akaIDIOT]

NB: this gets called every step along the config.deeply.nested.keys.foobar way; matches() needs to be cheap 😬

[akaIDIOT]

Would this lend itself to a match statement, allowing the secrets instance to supply its own match args? 🤔

[akaIDIOT]

As this has been hooked into here: current implementation requires any and all implementations to utilize at least some kind of mapping / dict / subtree to implement this. Do we want this kind restriction? Do we want to implement any alternatives right away or maybe at a later stage?

[akaIDIOT]

Yes, yes, this need many comments on what / why the f things are as they are, soon™

[akaIDIOT]

This is a very composition over inheritance approach to an implementation conforming to the Secrets protocol above, is this too much? 🤔

[akaIDIOT]

Mypy fails to infer the set being constructed below correctly when this is set to typing.Optional[Secrets], meh 🤔

[caldaibis]

Okay I looked a little into this whole YAML loading stuff and I might have found a way to make the syntax more clean! You can use YAML tags to get this syntax:

regular.configuration: 42
client:
  username: akaidiot
  password: !secret
    service: github.com
    username: ${client.username}

This way, you get rid of the extra indentation and make it look a bit easier on the eye. You can then load it in python with something like this:

import yaml

class Secret:
    """Represents a !secret YAML tag."""
    def __init__(self, service: str, username: str):
        self.service = service
        self.username = username

    @classmethod
    def from_yaml(cls, loader: yaml.Loader, node: yaml.Node) -> 'Secret':
        if isinstance(node, yaml.MappingNode):
            mapping = loader.construct_mapping(node)
            return cls(mapping['service'], mapping['username'])
        raise ValueError("Invalid !secret tag format")


yaml.add_constructor('!secret', Secret.from_yaml, Loader=yaml.SafeLoader)

What do you think? I believe you can integrate something like this but let me know if this is not really what you were looking for :)

[akaIDIOT]

What do you think? I believe you can integrate something like this but let me know if this is not really what you were looking for :)

Interesting idea! I'll read up on the constructs a bit, definitely has potential to lose a level of indentation, provided users are going to 'get' the syntax. It is very explicit though, I like that :D

(and, just remembered there were thoughts on supporting toml, as that's becoming default in py-land, but not necessarily part of this PR)