Source code for constellation_utils.secrets._config

"""Load the packaged YAML config for the active profile.

Config files live inside the package (``src/constellation_utils/config/``)
and ship together with the wheel. They are git-tracked because they
contain only ``op://...`` URIs — not secrets. The actual credential
values come from the secrets backend at runtime.
"""

from __future__ import annotations

import os
from importlib import resources
from typing import Any

import yaml

VALID_PROFILES = ("testing", "production")
DEFAULT_PROFILE = "testing"



[docs]
def current_profile() -> str:
    """Return the active profile from the env, defaulting to 'testing'."""
    profile = os.environ.get("CONSTELLATION_PROFILE", DEFAULT_PROFILE)
    if profile not in VALID_PROFILES:
        raise ValueError(
            f"CONSTELLATION_PROFILE={profile!r} is not one of {VALID_PROFILES}. "
            f"Default is {DEFAULT_PROFILE!r}; set explicitly for production rigs."
        )
    return profile




[docs]
def load_profile(profile: str | None = None) -> dict[str, Any]:
    """Load and parse the YAML config for the given profile (or env-active)."""
    profile = profile or current_profile()
    config_path = resources.files("constellation_utils.config") / f"secrets.{profile}.yaml"
    with config_path.open("r") as f:
        data = yaml.safe_load(f)
    if not isinstance(data, dict):
        raise ValueError(
            f"secrets.{profile}.yaml did not parse to a dict (got {type(data).__name__})"
        )
    return data