encrypt_secret: Allow file scheme for public key

Allow the use of a file:///key.pub URL to load the project public
key.

Change-Id: If11ec2232625b630252cf334efa996573b55752b

releasenotes/notes/encrypt-file-pubkey-a4830c3573dee7f0.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - A local project key file URI (eg. ``file:///path/to/key.pub``) is now
+    supported by the encrypt_secret.py tool. This allows encrypting secrets
+    without directly accessing the Zuul web API to retrieve the project key.

tools/encrypt_secret.py

@@ -45,9 +45,12 @@ def main():
     parser = argparse.ArgumentParser(description=DESCRIPTION)
     parser.add_argument('url',
                         help="The base URL of the zuul server.  "
-                        "E.g., https://zuul.example.com/")
+                        "E.g., https://zuul.example.com/ or path"
-    parser.add_argument('project',
+                        " to project public key file. E.g.,"
-                        help="The name of the project.")
+                        " file:///path/to/key.pub")
+    parser.add_argument('project', default=None, nargs="?",
+                        help="The name of the project. Required when using"
+                        " the Zuul API to fetch the public key.")
     parser.add_argument('--tenant',
                         default=None,
                         help="The name of the Zuul tenant.  This may be "
@@ -75,6 +78,9 @@ def main():
                          "unencrypted connection. Your secret may get "
                          "compromised.\n")
 
+    if url.scheme == 'file':
+        req = Request(args.url)
+    else:
         # Check if tenant is white label
         req = Request("%s/api/info" % (args.url.rstrip('/'),))
         info = json.loads(urlopen(req).read().decode('utf8'))