From 28454bf466ba8d459b2fc105e82c2ed482e52717 Mon Sep 17 00:00:00 2001 From: MaksTinyWorkshop Date: Thu, 26 Mar 2026 18:26:02 +0100 Subject: [PATCH] =?UTF-8?q?fix(scripts):=20remplacer=20parsing=20CSV=20bas?= =?UTF-8?q?h=20par=20python3=20=E2=80=94=20g=C3=A8re=20les=20champs=20mult?= =?UTF-8?q?ilignes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Sonnet 4.6 --- scripts/load-global-secrets.sh | 47 ++++++++++++++++-------------- scripts/sync-service-secrets.sh | 51 +++++++++++++++------------------ 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/scripts/load-global-secrets.sh b/scripts/load-global-secrets.sh index 832aabd..48c5acd 100755 --- a/scripts/load-global-secrets.sh +++ b/scripts/load-global-secrets.sh 
@@ -46,33 +46,38 @@ EOF return 1 } - local loaded=0 + # Parser le CSV avec python3 — gère les champs multilignes et les virgules dans les valeurs + local pairs + pairs=$(python3 - <<'PYEOF' <<< "$csv" +import sys, csv, re - while IFS=',' read -r group title username password rest; do - group="${group//\"/}" - title="${title//\"/}" - password="${password//\"/}" +reader = csv.DictReader(sys.stdin) +for row in reader: + group = row.get("Group", "") + title = row.get("Title", "") + password = row.get("Password", "") + if group != "Racine/global" and not group.startswith("Racine/global/"): + continue + if not re.match(r'^[A-Z_][A-Z0-9_]*$', title): + continue + if not password: + continue + print(f"{title}={password}") +PYEOF + ) - [[ "$group" != "Racine/global" && "$group" != "Racine/global/"* ]] && continue - - local var_name="$title" - if ! printf '%s' "$var_name" | grep -Eq '^[A-Z_][A-Z0-9_]*$'; then - echo "Nom invalide ignoré : $var_name" >&2 - continue - fi - - [ -z "$password" ] && { echo "Valeur vide ignorée : $var_name" >&2; continue; } - - export "$var_name=$password" - loaded=$((loaded + 1)) - - done <<< "$csv" - - if [ "$loaded" -eq 0 ]; then + if [ -z "$pairs" ]; then echo "Aucun secret global chargé." >&2 return 1 fi + local loaded=0 + while IFS='=' read -r var_name value; do + [ -z "$var_name" ] && continue + export "$var_name=$value" + loaded=$((loaded + 1)) + done <<< "$pairs" + echo "Secrets chargés : $loaded" } diff --git a/scripts/sync-service-secrets.sh b/scripts/sync-service-secrets.sh index f6da85a..ae3431a 100755 --- a/scripts/sync-service-secrets.sh +++ b/scripts/sync-service-secrets.sh 
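Review bot: On the `pairs=$(python3 - <<'PYEOF' <<< "$csv"` line both the here-document and the here-string redirect fd 0, and bash applies redirections left to right, so the here-string wins: `python3 -` reads the KeePass CSV as its program and the parser in the heredoc never runs. Depending on how the export is quoted, this either produces no output (the function then stops at "Aucun secret global chargé.") or a Python traceback that can echo a CSV line, and therefore a secret, to stderr. Keep the CSV on stdin and pass the program on another descriptor, for example `pairs=$(python3 /dev/fd/3 3<<'PYEOF' <<< "$csv"` where /dev/fd is available. The `rendered_lines=$(python3 - <<'PYEOF' <<< "$csv"` line in scripts/sync-service-secrets.sh has the same defect. The enclosing function starts before this hunk.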
@@ -57,40 +57,35 @@ EOF return 1 } - # Parse CSV : colonnes "Group","Title","Username","Password",... - # On garde les entrées dont le Group commence par "services/" - # ou dont le Group est exactement "services" (selon la structure KeePass) - local rendered_lines="" - local loaded=0 + # Parser le CSV avec python3 — gère les champs multilignes et les virgules dans les valeurs + local rendered_lines + rendered_lines=$(python3 - <<'PYEOF' <<< "$csv" +import sys, csv, re - while IFS=',' read -r group title username password rest; do - # Retirer les guillemets CSV - group="${group//\"/}" - title="${title//\"/}" - password="${password//\"/}" +reader = csv.DictReader(sys.stdin) +for row in reader: + group = row.get("Group", "") + title = row.get("Title", "") + password = row.get("Password", "") + if group != "Racine/services" and not group.startswith("Racine/services/"): + continue + if not re.match(r'^[A-Z_][A-Z0-9_]*$', title): + continue + if not password: + continue + print(f"{title}={password}") +PYEOF + ) - # Filtrer le groupe services - [[ "$group" != "Racine/services" && "$group" != "Racine/services/"* ]] && continue - - # Le nom de variable = titre de l'entrée - local var_name="$title" - if ! printf '%s' "$var_name" | grep -Eq '^[A-Z_][A-Z0-9_]*$'; then - echo "Nom invalide ignoré : $var_name" >&2 - continue - fi - - [ -z "$password" ] && { echo "Valeur vide ignorée : $var_name" >&2; continue; } - - rendered_lines+="$var_name=$password"$'\n' - loaded=$((loaded + 1)) - done <<< "$csv" - - if [ "$loaded" -eq 0 ]; then + if [ -z "$rendered_lines" ]; then echo "Aucun secret de service chargé." >&2 return 1 fi - printf '%s' "$rendered_lines" > "$target_file" + local loaded + loaded=$(echo "$rendered_lines" | grep -c '.') + + printf '%s\n' "$rendered_lines" > "$target_file" chmod 600 "$target_file" echo "Secrets de service écrits dans : $target_file"
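Review bot: The `print(f"{title}={password}")` hand-off is still one record per line, so the multi-line fields that `csv.DictReader` now parses correctly are split again on the shell side: every line after the first of such a password is written to `$target_file` as its own entry, without passing the name check. In scripts/load-global-secrets.sh the same output feeds `while IFS='=' read -r var_name value`, where a fragment of the form `NAME=value` is exported under a name the regex never saw. Python's `$` also matches before a trailing newline, so a title ending in a line break passes `re.match`; `re.fullmatch(r'[A-Z_][A-Z0-9_]*', title)` avoids that. I would skip any entry whose value contains a line break and report it on stderr, `if "\n" in password or "\r" in password: continue`, or switch to an encoding that preserves it. The enclosing function starts before this hunk.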