diff --git a/scripts/load-global-secrets.sh b/scripts/load-global-secrets.sh index 832aabd..48c5acd 100755 --- a/scripts/load-global-secrets.sh +++ b/scripts/load-global-secrets.sh @@ -46,33 +46,38 @@ EOF return 1 } - local loaded=0 + # Parser le CSV avec python3 — gère les champs multilignes et les virgules dans les valeurs + local pairs + pairs=$(python3 - <<'PYEOF' <<< "$csv" +import sys, csv, re - while IFS=',' read -r group title username password rest; do - group="${group//\"/}" - title="${title//\"/}" - password="${password//\"/}" +reader = csv.DictReader(sys.stdin) +for row in reader: + group = row.get("Group", "") + title = row.get("Title", "") + password = row.get("Password", "") + if group != "Racine/global" and not group.startswith("Racine/global/"): + continue + if not re.match(r'^[A-Z_][A-Z0-9_]*$', title): + continue + if not password: + continue + print(f"{title}={password}") +PYEOF + ) - [[ "$group" != "Racine/global" && "$group" != "Racine/global/"* ]] && continue - - local var_name="$title" - if ! printf '%s' "$var_name" | grep -Eq '^[A-Z_][A-Z0-9_]*$'; then - echo "Nom invalide ignoré : $var_name" >&2 - continue - fi - - [ -z "$password" ] && { echo "Valeur vide ignorée : $var_name" >&2; continue; } - - export "$var_name=$password" - loaded=$((loaded + 1)) - - done <<< "$csv" - - if [ "$loaded" -eq 0 ]; then + if [ -z "$pairs" ]; then echo "Aucun secret global chargé." >&2 return 1 fi + local loaded=0 + while IFS='=' read -r var_name value; do + [ -z "$var_name" ] && continue + export "$var_name=$value" + loaded=$((loaded + 1)) + done <<< "$pairs" + echo "Secrets chargés : $loaded" } diff --git a/scripts/sync-service-secrets.sh b/scripts/sync-service-secrets.sh index f6da85a..ae3431a 100755 --- a/scripts/sync-service-secrets.sh +++ b/scripts/sync-service-secrets.sh 
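Review bot: The line `pairs=$(python3 - <<'PYEOF' <<< "$csv"` redirects stdin twice; bash applies redirections left to right, so the here-string wins and python3 receives the contents of `$csv`, password column included, as its program text while the heredoc parser never runs. Passing the script on another descriptor keeps stdin for the data, for example `pairs=$(python3 /dev/fd/3 3<<'PYEOF' <<< "$csv"` where /dev/fd is available, and the exit status of python3 should be checked so a parser failure is not reported as "Aucun secret global chargé.". Once the parser does run, a password containing a newline is printed as several lines and the `while IFS='=' read -r var_name value` loop exports each continuation line without the name check, so the Python side should skip such values (`if "\n" in password or "\r" in password: continue`) or the loop should re-validate `var_name`. Both points also apply to the scripts/sync-service-secrets.sh hunk, where the continuation lines end up in the target file. The enclosing function starts outside the hunk.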
@@ -57,40 +57,35 @@ EOF return 1 } - # Parse CSV : colonnes "Group","Title","Username","Password",... - # On garde les entrées dont le Group commence par "services/" - # ou dont le Group est exactement "services" (selon la structure KeePass) - local rendered_lines="" - local loaded=0 + # Parser le CSV avec python3 — gère les champs multilignes et les virgules dans les valeurs + local rendered_lines + rendered_lines=$(python3 - <<'PYEOF' <<< "$csv" +import sys, csv, re - while IFS=',' read -r group title username password rest; do - # Retirer les guillemets CSV - group="${group//\"/}" - title="${title//\"/}" - password="${password//\"/}" +reader = csv.DictReader(sys.stdin) +for row in reader: + group = row.get("Group", "") + title = row.get("Title", "") + password = row.get("Password", "") + if group != "Racine/services" and not group.startswith("Racine/services/"): + continue + if not re.match(r'^[A-Z_][A-Z0-9_]*$', title): + continue + if not password: + continue + print(f"{title}={password}") +PYEOF + ) - # Filtrer le groupe services - [[ "$group" != "Racine/services" && "$group" != "Racine/services/"* ]] && continue - - # Le nom de variable = titre de l'entrée - local var_name="$title" - if ! printf '%s' "$var_name" | grep -Eq '^[A-Z_][A-Z0-9_]*$'; then - echo "Nom invalide ignoré : $var_name" >&2 - continue - fi - - [ -z "$password" ] && { echo "Valeur vide ignorée : $var_name" >&2; continue; } - - rendered_lines+="$var_name=$password"$'\n' - loaded=$((loaded + 1)) - done <<< "$csv" - - if [ "$loaded" -eq 0 ]; then + if [ -z "$rendered_lines" ]; then echo "Aucun secret de service chargé." >&2 return 1 fi - printf '%s' "$rendered_lines" > "$target_file" + local loaded + loaded=$(echo "$rendered_lines" | grep -c '.') + + printf '%s\n' "$rendered_lines" > "$target_file" chmod 600 "$target_file" echo "Secrets de service écrits dans : $target_file"
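Review bot: `printf '%s\n' "$rendered_lines" > "$target_file"` creates the secrets file under the caller's umask and `chmod 600` only runs afterwards, so with a permissive umask the values are readable by other local users for a short window. Setting the mode before the data is written closes it, e.g. `( umask 077; printf '%s\n' "$rendered_lines" > "$target_file" )`; a file that already exists keeps its old mode until the chmod either way, so writing to a `mktemp` file in the same directory and renaming it over the target is the stricter option. The new parser also drops the stderr messages for skipped entries ("Nom invalide ignoré", "Valeur vide ignorée"), which help an operator spot a mistyped title; printing them from Python with `file=sys.stderr` would keep them without touching the captured output. The function starts outside the hunk and may continue past it.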