Allow usage of environment variables in rules path (#608)

Author: nicogodet

docs/reference/qdt_profile.md

@@ -37,6 +37,39 @@ You can add rules to make the profile deployment conditional. In the following e
 
 The rules engine is based on [Python Rule Engine](https://github.com/santalvarez/python-rule-engine/) project whom rules syntax belongs to [JSON Rules Engine](https://github.com/CacheControl/json-rules-engine).
 
+> Added in version 0.38
+
+You can also deploy profiles based on environment variables. In the following example, the profile will be deployed only if `QDT_IS_GIS_ADMIN` exists:
+
+```json
+{
+  "$schema": "https://raw.githubusercontent.com/qgis-deployment/qgis-deployment-toolbelt-cli/main/docs/schemas/profile/qgis_profile.json",
+  "name": "only_gis_admin",
+  "folder_name": "qdt_only_gis_admin",
+  "description": "A QGIS profile for QDT with a conditional deployment rule for GIS admin",
+  "author": "Julien Moura",
+  "email": "[email protected]",
+  "qgisMinimumVersion": "3.34.0",
+  "qgisMaximumVersion": "3.99.10",
+  "version": "1.7.0",
+  "rules": [
+    {
+      "name": "QDT_IS_GIS_ADMIN exists",
+      "description": "Deploy only if $env:QDT_IS_GIS_ADMIN exists",
+      "conditions": {
+        "all": [
+          {
+            "path": "$.env.QDT_IS_GIS_ADMIN",
+            "operator": "not_equal",
+            "value": ""
+          }
+        ]
+      }
+    }
+  ]
+}
+```
+
 ### Conditions and rules context
 
 Rules is a set of conditions that use logical operators to compare values with context (a set of facts) which is exposed as a JSON object. Here comes the context for a Linux environment:

docs/schemas/scenario/settings.json

@@ -81,6 +81,23 @@
         }
       }
     },
+    "RULES_ONLY_PREFIXED_VARIABLES": {
+      "default": true,
+      "description": "If set to `true` (default), only environment variables prefixed with prefixes listed in RULES_VARIABLES_PREFIX are considered in rules for security concerns. If set to `false`, all environment variables are considered in rules.",
+      "title": "Only prefixed variables",
+      "type": "boolean"
+    },
+    "RULES_VARIABLES_PREFIX": {
+      "default": [
+        "QDT_,QGIS_"
+      ],
+      "description": "List of prefixes of environment variables considered in rules. Only relevant if RULES_ONLY_PREFIXED_VARIABLES is set to `true`.",
+      "title": "Variables prefixes",
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
     "SCENARIO_VALIDATION": {
       "default": false,
       "description": "Enable scenario validation. This will check the scenario against the JSON schema.",

qgis_deployment_toolbelt/commands/deployment.py

@@ -188,7 +188,15 @@ def run(args: argparse.Namespace):
                     )
                     envvar_name = envvar_name.removeprefix("QDT_")
 
-                environ[f"QDT_{envvar_name}"] = str(envvar_value)
+                prefixed_envvar_name = f"QDT_{envvar_name}"
+
+                if prefixed_envvar_name in environ:
+                    logger.warning(
+                        f"Environment variable {prefixed_envvar_name} already set. "
+                        "Overwriting it with new value."
+                    )
+
+                environ[prefixed_envvar_name] = str(envvar_value)
             else:
                 logger.debug(f"Ignored None value: {envvar_name}.")
     else:

qgis_deployment_toolbelt/jobs/generic_job.py

@@ -32,6 +32,7 @@
 )
 from qgis_deployment_toolbelt.profiles.qdt_profile import QdtProfile
 from qgis_deployment_toolbelt.profiles.rules_context import QdtRulesContext
+from qgis_deployment_toolbelt.utils.str2bool import str2bool
 
 # #############################################################################
 # ########## Globals ###############
@@ -55,7 +56,16 @@ def __init__(self) -> None:
         """Object instanciation."""
         # operating system configuration
         self.os_config = OSConfiguration.from_opersys()
-        self.qdt_rules_context = QdtRulesContext()
+
+        # QDT rules context
+        only_prefixed_variables = str2bool(
+            getenv("QDT_RULES_ONLY_PREFIXED_VARIABLES", "true")
+        )
+        variables_prefix = getenv("QDT_RULES_VARIABLES_PREFIX", "QDT_,QGIS_").split(",")
+        self.qdt_rules_context = QdtRulesContext(
+            only_prefixed_variables=only_prefixed_variables,
+            variables_prefix=variables_prefix,
+        )
 
         # local QDT folders
         self.qdt_working_folder = get_qdt_working_directory()

qgis_deployment_toolbelt/profiles/rules_context.py

@@ -17,6 +17,7 @@
 import platform
 from datetime import date
 from getpass import getuser
+from os import _Environ, environ
 from sys import platform as opersys
 
 # package
@@ -43,6 +44,25 @@
 
 
 class QdtRulesContext:
+    def __init__(
+        self,
+        only_prefixed_variables: bool = True,
+        variables_prefix: list[str] | None = None,
+    ) -> None:
+        """Initialize a QDT rules context object.
+
+        Args:
+            only_prefixed_variables (bool, optional): Option to only list prefixed
+            variables. Defaults to True.
+            variables_prefix (list[str] | None, optional): List of allowed prefixes.
+            Defaults to None.
+        """
+        self.only_prefixed_variables = only_prefixed_variables
+
+        if variables_prefix is None:
+            self.variables_prefix = ["QDT_", "QGIS_"]
+        else:
+            self.variables_prefix = variables_prefix
 
     @property
     def _context_date(self) -> dict:
@@ -60,6 +80,29 @@ def _context_date(self) -> dict:
             "current_year": today.year,
         }
 
+    @property
+    def _context_env(self) -> dict[str, str] | _Environ[str]:
+        """Returns a dictionary containing environment variables that can be used in
+            QDT various places: rules...
+
+        The environment variables can be filtered based on self.only_prefixed_variables
+        and self.variables_prefix settings.
+
+        Returns:
+            dict[str, str] | _Environ[str]: dict with environment variables to use in
+            rules
+        """
+
+        if self.only_prefixed_variables:
+            # Filter variables that start with any of the prefixes
+            return {
+                key: value
+                for key, value in environ.items()
+                if any(key.startswith(prefix) for prefix in self.variables_prefix)
+            }
+
+        return environ
+
     @property
     def _context_environment(self) -> dict:
         """Returns a dictionary containing some environment information (computer, network,

qgis_deployment_toolbelt/utils/str2bool.py

@@ -29,7 +29,7 @@ def str2bool(input_var: bool | str, raise_exc: bool = False) -> bool | None:
 
     Args:
         input_var (str): value to convert
-        raise_exc (bool, optional): strict mode, defaults to False. Defaults to False.
+        raise_exc (bool, optional): strict mode, defaults to False.
 
     Raises:
         ValueError: input_var is not in true and false sets

tests/test_rules_context.py

@@ -48,6 +48,7 @@ def test_rules_export_to_json(self):
 
         self.assertIsInstance(context_data, dict)
         self.assertIn("date", context_data)
+        self.assertIn("env", context_data)
         self.assertIn("environment", context_data)
         self.assertIn("user", context_data)