Deprecate the use of keyring and credstash (#43854)

2020-12-02 16:55:33 +01:00 · 2020-12-02 16:55:33 +01:00 · 58648019c6
parent ac2c01d20c
commit 58648019c6
1 changed files with 18 additions and 0 deletions
--- a/homeassistant/util/yaml/loader.py
+++ b/homeassistant/util/yaml/loader.py
@ -32,6 +32,9 @@ DICT_T = TypeVar("DICT_T", bound=Dict)  # pylint: disable=invalid-name
 _LOGGER = logging.getLogger(__name__)
 __SECRET_CACHE: Dict[str, JSON_TYPE] = {}

+CREDSTASH_WARN = False
+KEYRING_WARN = False
+

 def clear_secret_cache() -> None:
    """Clear the secret cache.
@ -295,6 +298,14 @@ def secret_yaml(loader: SafeLineLoader, node: yaml.nodes.Node) -> JSON_TYPE:
        # do some keyring stuff
        pwd = keyring.get_password(_SECRET_NAMESPACE, node.value)
        if pwd:
+            global KEYRING_WARN  # pylint: disable=global-statement
+
+            if not KEYRING_WARN:
+                KEYRING_WARN = True
+                _LOGGER.warning(
+                    "Keyring is deprecated and will be removed in March 2021."
+                )
+
            _LOGGER.debug("Secret %s retrieved from keyring", node.value)
            return pwd

@ -305,6 +316,13 @@ def secret_yaml(loader: SafeLineLoader, node: yaml.nodes.Node) -> JSON_TYPE:
        try:
            pwd = credstash.getSecret(node.value, table=_SECRET_NAMESPACE)
            if pwd:
+                global CREDSTASH_WARN  # pylint: disable=global-statement
+
+                if not CREDSTASH_WARN:
+                    CREDSTASH_WARN = True
+                    _LOGGER.warning(
+                        "Credstash is deprecated and will be removed in March 2021."
+                    )
                _LOGGER.debug("Secret %s retrieved from credstash", node.value)
                return pwd
        except credstash.ItemNotFound: