fix(scripts): remplacer parsing CSV bash par python3 — gère les champs multilignes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-06 13:31:43 +02:00 · 2026-03-26 18:26:02 +01:00
parent 83ca6c8bb0
commit 28454bf466
2 changed files with 49 additions and 49 deletions
--- a/scripts/load-global-secrets.sh
+++ b/scripts/load-global-secrets.sh
@@ -46,33 +46,38 @@ EOF
    return 1
  }

-  local loaded=0
+  # Parser le CSV avec python3 — gère les champs multilignes et les virgules dans les valeurs
+  local pairs
+  pairs=$(python3 - <<'PYEOF' <<< "$csv"
+import sys, csv, re

-  while IFS=',' read -r group title username password rest; do
-    group="${group//\"/}"
-    title="${title//\"/}"
-    password="${password//\"/}"
-
-    [[ "$group" != "Racine/global" && "$group" != "Racine/global/"* ]] && continue
-
-    local var_name="$title"
-    if ! printf '%s' "$var_name" | grep -Eq '^[A-Z_][A-Z0-9_]*$'; then
-      echo "Nom invalide ignoré : $var_name" >&2
+reader = csv.DictReader(sys.stdin)
+for row in reader:
+    group = row.get("Group", "")
+    title = row.get("Title", "")
+    password = row.get("Password", "")
+    if group != "Racine/global" and not group.startswith("Racine/global/"):
        continue
-    fi
+    if not re.match(r'^[A-Z_][A-Z0-9_]*$', title):
+        continue
+    if not password:
+        continue
+    print(f"{title}={password}")
+PYEOF
+  )

-    [ -z "$password" ] && { echo "Valeur vide ignorée : $var_name" >&2; continue; }
-
-    export "$var_name=$password"
-    loaded=$((loaded + 1))
-
-  done <<< "$csv"
-
-  if [ "$loaded" -eq 0 ]; then
+  if [ -z "$pairs" ]; then
    echo "Aucun secret global chargé." >&2
    return 1
  fi

+  local loaded=0
+  while IFS='=' read -r var_name value; do
+    [ -z "$var_name" ] && continue
+    export "$var_name=$value"
+    loaded=$((loaded + 1))
+  done <<< "$pairs"
+
  echo "Secrets chargés : $loaded"
 }

--- a/scripts/sync-service-secrets.sh
+++ b/scripts/sync-service-secrets.sh
@@ -57,40 +57,35 @@ EOF
    return 1
  }

-  # Parse CSV : colonnes "Group","Title","Username","Password",...
-  # On garde les entrées dont le Group commence par "services/"
-  # ou dont le Group est exactement "services" (selon la structure KeePass)
-  local rendered_lines=""
-  local loaded=0
+  # Parser le CSV avec python3 — gère les champs multilignes et les virgules dans les valeurs
+  local rendered_lines
+  rendered_lines=$(python3 - <<'PYEOF' <<< "$csv"
+import sys, csv, re

-  while IFS=',' read -r group title username password rest; do
-    # Retirer les guillemets CSV
-    group="${group//\"/}"
-    title="${title//\"/}"
-    password="${password//\"/}"
-
-    # Filtrer le groupe services
-    [[ "$group" != "Racine/services" && "$group" != "Racine/services/"* ]] && continue
-
-    # Le nom de variable = titre de l'entrée
-    local var_name="$title"
-    if ! printf '%s' "$var_name" | grep -Eq '^[A-Z_][A-Z0-9_]*$'; then
-      echo "Nom invalide ignoré : $var_name" >&2
+reader = csv.DictReader(sys.stdin)
+for row in reader:
+    group = row.get("Group", "")
+    title = row.get("Title", "")
+    password = row.get("Password", "")
+    if group != "Racine/services" and not group.startswith("Racine/services/"):
        continue
-    fi
+    if not re.match(r'^[A-Z_][A-Z0-9_]*$', title):
+        continue
+    if not password:
+        continue
+    print(f"{title}={password}")
+PYEOF
+  )

-    [ -z "$password" ] && { echo "Valeur vide ignorée : $var_name" >&2; continue; }
-
-    rendered_lines+="$var_name=$password"$'\n'
-    loaded=$((loaded + 1))
-  done <<< "$csv"
-
-  if [ "$loaded" -eq 0 ]; then
+  if [ -z "$rendered_lines" ]; then
    echo "Aucun secret de service chargé." >&2
    return 1
  fi

-  printf '%s' "$rendered_lines" > "$target_file"
+  local loaded
+  loaded=$(echo "$rendered_lines" | grep -c '.')
+
+  printf '%s\n' "$rendered_lines" > "$target_file"
  chmod 600 "$target_file"

  echo "Secrets de service écrits dans : $target_file"