|
| 1 | +# |
| 2 | +# Copyright 2025 The InfiniFlow Authors. All Rights Reserved. |
| 3 | +# |
| 4 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | +# you may not use this file except in compliance with the License. |
| 6 | +# You may obtain a copy of the License at |
| 7 | +# |
| 8 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | +# |
| 10 | +# Unless required by applicable law or agreed to in writing, software |
| 11 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | +# See the License for the specific language governing permissions and |
| 14 | +# limitations under the License. |
| 15 | +# |
| 16 | + |
| 17 | +import os |
| 18 | +import copy |
| 19 | +import logging |
| 20 | +import importlib |
| 21 | +from filelock import FileLock |
| 22 | + |
| 23 | +from common.file_utils import get_project_base_directory |
| 24 | +from common.contants import SERVICE_CONF |
| 25 | +from ruamel.yaml import YAML |
| 26 | + |
| 27 | + |
| 28 | +def load_yaml_conf(conf_path): |
| 29 | + if not os.path.isabs(conf_path): |
| 30 | + conf_path = os.path.join(get_project_base_directory(), conf_path) |
| 31 | + try: |
| 32 | + with open(conf_path) as f: |
| 33 | + yaml = YAML(typ="safe", pure=True) |
| 34 | + return yaml.load(f) |
| 35 | + except Exception as e: |
| 36 | + raise EnvironmentError("loading yaml file config from {} failed:".format(conf_path), e) |
| 37 | + |
| 38 | + |
| 39 | +def rewrite_yaml_conf(conf_path, config): |
| 40 | + if not os.path.isabs(conf_path): |
| 41 | + conf_path = os.path.join(get_project_base_directory(), conf_path) |
| 42 | + try: |
| 43 | + with open(conf_path, "w") as f: |
| 44 | + yaml = YAML(typ="safe") |
| 45 | + yaml.dump(config, f) |
| 46 | + except Exception as e: |
| 47 | + raise EnvironmentError("rewrite yaml file config {} failed:".format(conf_path), e) |
| 48 | + |
| 49 | + |
| 50 | +def conf_realpath(conf_name): |
| 51 | + conf_path = f"conf/{conf_name}" |
| 52 | + return os.path.join(get_project_base_directory(), conf_path) |
| 53 | + |
| 54 | + |
| 55 | +def read_config(conf_name=SERVICE_CONF): |
| 56 | + local_config = {} |
| 57 | + local_path = conf_realpath(f'local.{conf_name}') |
| 58 | + |
| 59 | + # load local config file |
| 60 | + if os.path.exists(local_path): |
| 61 | + local_config = load_yaml_conf(local_path) |
| 62 | + if not isinstance(local_config, dict): |
| 63 | + raise ValueError(f'Invalid config file: "{local_path}".') |
| 64 | + |
| 65 | + global_config_path = conf_realpath(conf_name) |
| 66 | + global_config = load_yaml_conf(global_config_path) |
| 67 | + |
| 68 | + if not isinstance(global_config, dict): |
| 69 | + raise ValueError(f'Invalid config file: "{global_config_path}".') |
| 70 | + |
| 71 | + global_config.update(local_config) |
| 72 | + return global_config |
| 73 | + |
| 74 | + |
| 75 | +CONFIGS = read_config() |
| 76 | + |
| 77 | + |
| 78 | +def show_configs(): |
| 79 | + msg = f"Current configs, from {conf_realpath(SERVICE_CONF)}:" |
| 80 | + for k, v in CONFIGS.items(): |
| 81 | + if isinstance(v, dict): |
| 82 | + if "password" in v: |
| 83 | + v = copy.deepcopy(v) |
| 84 | + v["password"] = "*" * 8 |
| 85 | + if "access_key" in v: |
| 86 | + v = copy.deepcopy(v) |
| 87 | + v["access_key"] = "*" * 8 |
| 88 | + if "secret_key" in v: |
| 89 | + v = copy.deepcopy(v) |
| 90 | + v["secret_key"] = "*" * 8 |
| 91 | + if "secret" in v: |
| 92 | + v = copy.deepcopy(v) |
| 93 | + v["secret"] = "*" * 8 |
| 94 | + if "sas_token" in v: |
| 95 | + v = copy.deepcopy(v) |
| 96 | + v["sas_token"] = "*" * 8 |
| 97 | + if "oauth" in k: |
| 98 | + v = copy.deepcopy(v) |
| 99 | + for key, val in v.items(): |
| 100 | + if "client_secret" in val: |
| 101 | + val["client_secret"] = "*" * 8 |
| 102 | + if "authentication" in k: |
| 103 | + v = copy.deepcopy(v) |
| 104 | + for key, val in v.items(): |
| 105 | + if "http_secret_key" in val: |
| 106 | + val["http_secret_key"] = "*" * 8 |
| 107 | + msg += f"\n\t{k}: {v}" |
| 108 | + logging.info(msg) |
| 109 | + |
| 110 | + |
| 111 | +def get_base_config(key, default=None): |
| 112 | + if key is None: |
| 113 | + return None |
| 114 | + if default is None: |
| 115 | + default = os.environ.get(key.upper()) |
| 116 | + return CONFIGS.get(key, default) |
| 117 | + |
| 118 | + |
| 119 | +def decrypt_database_password(password): |
| 120 | + encrypt_password = get_base_config("encrypt_password", False) |
| 121 | + encrypt_module = get_base_config("encrypt_module", False) |
| 122 | + private_key = get_base_config("private_key", None) |
| 123 | + |
| 124 | + if not password or not encrypt_password: |
| 125 | + return password |
| 126 | + |
| 127 | + if not private_key: |
| 128 | + raise ValueError("No private key") |
| 129 | + |
| 130 | + module_fun = encrypt_module.split("#") |
| 131 | + pwdecrypt_fun = getattr( |
| 132 | + importlib.import_module( |
| 133 | + module_fun[0]), |
| 134 | + module_fun[1]) |
| 135 | + |
| 136 | + return pwdecrypt_fun(private_key, password) |
| 137 | + |
| 138 | + |
| 139 | +def decrypt_database_config(database=None, passwd_key="password", name="database"): |
| 140 | + if not database: |
| 141 | + database = get_base_config(name, {}) |
| 142 | + |
| 143 | + database[passwd_key] = decrypt_database_password(database[passwd_key]) |
| 144 | + return database |
| 145 | + |
| 146 | + |
| 147 | +def update_config(key, value, conf_name=SERVICE_CONF): |
| 148 | + conf_path = conf_realpath(conf_name=conf_name) |
| 149 | + if not os.path.isabs(conf_path): |
| 150 | + conf_path = os.path.join(get_project_base_directory(), conf_path) |
| 151 | + |
| 152 | + with FileLock(os.path.join(os.path.dirname(conf_path), ".lock")): |
| 153 | + config = load_yaml_conf(conf_path=conf_path) or {} |
| 154 | + config[key] = value |
| 155 | + rewrite_yaml_conf(conf_path=conf_path, config=config) |
0 commit comments