We don't want sensitive information such as the API token to be stored into the script, both because it could lead to them being leaked by mistake and because it makes it needlessly complicated for users to take advantage of the tool. Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> --- guests/quayadmin | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/guests/quayadmin b/guests/quayadmin index 25128e5..4e60653 100755 --- a/guests/quayadmin +++ b/guests/quayadmin @@ -19,15 +19,32 @@ # with this program. If not, see <https://www.gnu.org/licenses/>. import argparse +import configparser +import os import pprint import requests import sys def get_config(): - config = { - "baseurl": "https://quay.io/api/v1";, - "token": "xxx", - } + try: + path = os.environ["XDG_CONFIG_HOME"] + except KeyError: + path = os.path.join(os.environ["HOME"], ".config") + path = os.path.join(os.path.join(path, "quayadmin"), "config.ini") + + try: + parser = configparser.ConfigParser() + parser.read_file(open(path)) + except Exception as ex: + raise Exception("Cannot load config: {}".format(ex)) + + try: + config = { + "baseurl": "https://quay.io/api/v1";, + "token": parser["DEFAULT"]["token"], + } + except KeyError: + raise Exception("Token not found in {}".format(path)) return config -- 2.21.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
