Provider Registry Refactor — Progress Tracker
Goal: Eliminate hardcoded provider-specific if/elif chains and metadata
dicts throughout the CLI and orchestration layer, replacing them with
registry-driven dispatch using class-level metadata on BaseProvider and
ProviderAuth.
Status: Complete — all 5 phases done, 763 tests passing, lint clean.
Summary of Changes
| File |
Change |
providers/base.py |
Added display_name, description, required_package, auth_class class attrs to BaseProvider; added ENV_TOKEN to ProviderAuth |
providers/aws.py |
Set display_name, description, required_package, auth_class |
providers/azure.py |
Set display_name, description, required_package, auth_class |
providers/vault.py |
Set display_name, description, required_package, auth_class |
providers/github.py |
Set display_name, description, required_package, auth_class |
providers/gitlab.py |
Set display_name, description, required_package, auth_class |
providers/jenkins.py |
Set display_name, description, required_package, auth_class |
providers/kubernetes.py |
Set display_name, description, required_package, auth_class |
providers/ansible_vault.py |
Set display_name, description, required_package, auth_class |
Phase 2 — Refactor CLI Provider Instantiation ✅
| File |
Change |
cli.py test command (~L1324–1460) |
Replaced ~140-line if/elif chain with 5-line registry lookup |
cli.py _test_provider_profiles (~L1204–1248) |
Replaced ~60-line if/elif chain with registry lookup |
Phase 3 — Refactor CLI Dependency Check ✅
| File |
Change |
cli.py check-deps command (~L180) |
Replaced hardcoded provider_packages dict with required_package class attr |
| File |
Change |
cli_providers.py list command |
Replaced hardcoded provider_info dict with display_name/description class attrs |
Phase 5 — Refactor Environment Variable Map ✅
| File |
Change |
cli_providers.py token-info |
Replaced hardcoded env_var_map dict with ProviderAuth.ENV_TOKEN class attr |
Design Decisions
-
Class-level metadata — display_name, description, and required_package
are class attributes on BaseProvider with sensible defaults derived from the
class name. Subclasses override with specific values.
-
required_package tuple — (import_name, install_name) e.g.
("boto3", "secretzero[aws]"). Base returns None (no extra deps).
-
ENV_TOKEN on ProviderAuth — Already existed on GitHub/GitLab/Jenkins/Vault
auth classes. Added default "" on base class so the CLI can read it generically.
-
auth_class on BaseProvider — Points to the concrete ProviderAuth subclass
(e.g. GitHubAuth, VaultAuth). Lets the CLI inspect auth-level metadata like
ENV_TOKEN without instantiating the provider.
-
Registry-based instantiation — GLOBAL_PROVIDER_REGISTRY.get_provider_class(kind)
returns the class, which we instantiate directly. ImportError is caught generically
since the registry import already succeeded.
Lines Removed (approximate)
| Area |
Before |
After |
Reduction |
test command if/elif |
~140 lines |
~15 lines |
~125 lines |
_test_provider_profiles if/elif |
~50 lines |
~10 lines |
~40 lines |
check-deps dict |
~10 lines |
~5 lines |
~5 lines |
providers list dict |
~10 lines |
~5 lines |
~5 lines |
token-info env_var_map |
~8 lines |
~3 lines |
~5 lines |
| Total |
~218 lines |
~38 lines |
~180 lines |