def render_config(args, output_file=None):
if not output_file:
output_file = sys.stdout
stage = args.stage
env = args.environment or stage
with open(args.config, 'rt') as f:
config = yaml.safe_load(f.read())
STATE['stages'] = config['stages']
config['config'] = _decrypt_item(config['config'], stage=stage, key='',
render=True)
if args.json or args.encrypt or args.python:
rendered_config = json.dumps(
config['config'], indent=None if args.encrypt else 4,
separators=(',', ':') if args.encrypt else (',', ': '))
else:
buf = StringIO()
yaml.round_trip_dump(config['config'], buf)
rendered_config = buf.getvalue()
if args.encrypt or args.python:
STATE['stages'] = config['stages']
encrypted_config = []
while rendered_config:
buffer = _encrypt_text(rendered_config[:4096], env)
rendered_config = rendered_config[4096:]
encrypted_config.append(buffer)
if not args.python:
rendered_config = json.dumps(encrypted_config)
else:
rendered_config = '''ENCRYPTED_CONFIG = {}
import base64
import boto3
import json
def load_config():
config_json = ''
kms = boto3.client('kms')
for buffer in ENCRYPTED_CONFIG:
r = kms.decrypt(CiphertextBlob=base64.b64decode(buffer.encode(
'utf-8')))
config_json += r['Plaintext'].decode('utf-8')
return json.loads(config_json)
CONFIG = load_config()
'''.format(encrypted_config)
output_file.write(rendered_config)
评论列表
文章目录
