This repository has been archived by the owner on Jun 28, 2024. It is now read-only.

Commit

Added ca_bundle_location config, simplified vault URL (#33)
Co-authored-by: Christoph Zwerschke <[email protected]>
mephenor and Cito authored Oct 24, 2023
1 parent 8d73d35 commit 243984f
Showing 13 changed files with 165 additions and 136 deletions.
5 changes: 2 additions & 3 deletions .devcontainer/.dev_config.yaml
@@ -1,9 +1,8 @@
# Please only mention the non-default settings here:

debug_vault: False
vault_host: "http://127.0.0.1"
vault_port: 8200
vault_url: "http://127.0.0.1:8200"
vault_role_id: dummy-role
vault_secret_id: dummy-secret
vault_verify: True
server_private_key: 9iYLar4OyeBzKJY8xQ8BAiGUe49wmqRPtcj240+VmjQ=
server_public_key: HsKvfHsAFNGykFi/zMssay0xajoHvY30IcYPGDCXrGU=
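Review bot: with `vault_url` now carrying its own scheme (`"http://127.0.0.1:8200"`), the `debug_vault: False` and `vault_verify: True` settings in the same file no longer line up with it: the README in this commit still describes `debug_vault` as the switch between http and https, and certificate verification has no effect on a plain-http URL. Either derive the scheme from `vault_url` alone and drop `debug_vault`, or make the config loader reject a `vault_url` whose scheme disagrees with `debug_vault`, so a development setting cannot silently turn off TLS in another environment. Since this committed file also holds `server_private_key`, the "non-default settings" comment should make explicit that this key pair is for the dev container only.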
134 changes: 79 additions & 55 deletions .devcontainer/devcontainer.json
@@ -2,70 +2,94 @@
// https://github.com/microsoft/vscode-dev-containers/tree/v0.177.0/containers/python-3-postgres
// Update the VARIANT arg in docker-compose.yml to pick a Python version: 3, 3.8, 3.7, 3.6
{
"name": "Encryption Key Store Service",
"name": "${localWorkspaceFolderBasename}",
"dockerComposeFile": "docker-compose.yml",
"service": "app",
"workspaceFolder": "/workspace",
// Set *default* container specific settings.json values on container create.
"settings": {
"terminal.integrated.shell.linux": "/bin/bash",
"python.pythonPath": "/usr/local/bin/python",
"python.languageServer": "Pylance",
"python.linting.enabled": true,
"python.linting.pylintEnabled": true,
"python.formatting.autopep8Path": "/usr/local/py-utils/bin/autopep8",
"python.formatting.blackPath": "/usr/local/py-utils/bin/black",
"python.formatting.yapfPath": "/usr/local/py-utils/bin/yapf",
"python.formatting.provider": "black",
"editor.formatOnSave": true,
"python.linting.banditPath": "/usr/local/py-utils/bin/bandit",
"python.linting.mypyPath": "/usr/local/py-utils/bin/mypy",
"python.linting.pycodestylePath": "/usr/local/py-utils/bin/pycodestyle",
"python.linting.pydocstylePath": "/usr/local/py-utils/bin/pydocstyle",
"python.linting.pylintPath": "/usr/local/py-utils/bin/pylint",
"python.testing.pytestPath": "/usr/local/py-utils/bin/pytest",
"python.testing.unittestEnabled": false,
"python.testing.pytestEnabled": true,
"editor.renderWhitespace": "all",
"editor.rulers": [
88
],
"licenser.license": "Custom",
"licenser.customHeaderFile": "/workspace/.devcontainer/license_header.txt"
"customizations": {
"vscode": {
// Set *default* container specific settings.json values on container create.
"settings": {
"terminal.integrated.profiles.linux": {
"bash": {
"path": "/bin/bash"
}
},
"sqltools.connections": [
{
"name": "Container database",
"driver": "PostgreSQL",
"previewLimit": 50,
"server": "localhost",
"port": 5432,
"database": "postgres",
"username": "postgres",
"password": "postgres"
}
],
"python.pythonPath": "/usr/local/bin/python",
"python.languageServer": "Pylance",
"python.linting.enabled": true,
"python.linting.pylintEnabled": true,
"python.formatting.autopep8Path": "/usr/local/py-utils/bin/autopep8",
"python.formatting.blackPath": "/usr/local/py-utils/bin/black",
"python.formatting.yapfPath": "/usr/local/py-utils/bin/yapf",
"python.formatting.provider": "black",
"python.analysis.typeCheckingMode": "basic",
"python.linting.banditPath": "/usr/local/py-utils/bin/bandit",
"python.linting.mypyPath": "/usr/local/py-utils/bin/mypy",
"python.linting.pycodestylePath": "/usr/local/py-utils/bin/pycodestyle",
"python.linting.pydocstylePath": "/usr/local/py-utils/bin/pydocstyle",
"python.linting.pylintPath": "/usr/local/py-utils/bin/pylint",
"python.testing.pytestPath": "/usr/local/py-utils/bin/pytest",
"python.testing.pytestArgs": [
"--profile"
],
"python.testing.unittestEnabled": false,
"python.testing.pytestEnabled": true,
"editor.formatOnSave": true,
"editor.renderWhitespace": "all",
"editor.rulers": [
88
],
"licenser.license": "Custom",
"licenser.customHeaderFile": "/workspace/.devcontainer/license_header.txt"
},
// Add the IDs of extensions you want installed when the container is created.
"extensions": [
"mikestead.dotenv",
"ms-azuretools.vscode-docker",
"ms-python.python",
"ms-python.isort",
"ms-python.vscode-pylance",
"ms-toolsai.jupyter",
"njpwerner.autodocstring",
"redhat.vscode-yaml",
"42crunch.vscode-openapi",
"arjun.swagger-viewer",
"eamodio.gitlens",
"github.vscode-pull-request-github",
"streetsidesoftware.code-spell-checker",
"yzhang.markdown-all-in-one",
"visualstudioexptteam.vscodeintellicode",
"ymotongpoo.licenser",
"editorconfig.editorconfig"
]
}
},
// Add the IDs of extensions you want installed when the container is created.
"extensions": [
"ms-python.python",
"ms-python.vscode-pylance",
"mtxr.sqltools",
"mtxr.sqltools-driver-pg",
"42crunch.vscode-openapi",
"eamodio.gitlens",
"formulahendry.terminal",
"tyriar.terminal-tabs",
"alexcvzz.vscode-sqlite",
"njpwerner.autodocstring",
"arjun.swagger-viewer",
"ms-toolsai.jupyter",
"redhat.vscode-yaml",
"ymotongpoo.licenser",
"ms-azuretools.vscode-docker",
"EditorConfig.EditorConfig"
],
// Use 'forwardPorts' to make a list of ports inside the container available locally.
"forwardPorts": [
27017
],
// "forwardPorts": [5000, 5432],
// Use 'postCreateCommand' to run commands after the container is created.
"postCreateCommand": "dev_install",
// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
"remoteUser": "vscode",
"containerEnv": {
// for testcontainers to connect to the docker host:
"TC_HOST": "host.docker.internal",
"DOCKER_HOST": "unix:///var/run/docker.sock"
},
"features": {
"ghcr.io/devcontainers/features/docker-in-docker:2": {
"version": "latest",
"enableNonRootDocker": "true",
"moby": true,
"azureDnsAutoDetection": false
}
// details can be found here: https://github.com/devcontainers/features/tree/main/src/docker-outside-of-docker
"ghcr.io/devcontainers/features/docker-outside-of-docker:1": {}
}
}
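Review bot: the `sqltools.connections` entry under `customizations.vscode.settings` (`"driver": "PostgreSQL"` … `"password": "postgres"`) configures a PostgreSQL connection with an embedded credential, yet nothing else in this commit uses PostgreSQL (the `.dev_config.yaml` only knows Vault) and `mtxr.sqltools` is absent from the `customizations.vscode.extensions` list, so the block is dead configuration; drop it unless the template requires it. The `forwardPorts` lines also disagree with each other, one forwarding `27017` (MongoDB's default port) and the commented alternative listing `5000, 5432`, while the service in this commit talks to Vault on 8200; whichever line survives should be checked. Separately, replacing `docker-in-docker` with `docker-outside-of-docker` plus `"DOCKER_HOST": "unix:///var/run/docker.sock"` hands the `vscode` user the host's Docker socket, which is root-equivalent on the host; that is an accepted trade-off for testcontainers in a dev container, but the comment should say so, and `TC_HOST`/`DOCKER_HOST` must not be copied into CI or deployment configuration.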
1 change: 0 additions & 1 deletion .mandatory_files
@@ -6,7 +6,6 @@
# may differ from that of the template repository.

.devcontainer/dev_launcher
.devcontainer/devcontainer.json
.devcontainer/docker-compose.yml
.devcontainer/Dockerfile

21 changes: 13 additions & 8 deletions .readme_template.md
@@ -11,6 +11,7 @@ $summary
$description

## Installation

We recommend using the provided Docker container.

A pre-build version is available at [docker hub](https://hub.docker.com/repository/docker/ghga/$name):
@@ -42,6 +43,7 @@ $shortname --help
```

## Configuration

### Parameters

The service requires the following configuration parameters:
@@ -77,19 +79,20 @@ $openapi_doc
$design_description

## Development

For setting up the development environment, we rely on the
[devcontainer feature](https://code.visualstudio.com/docs/remote/containers) of vscode
[devcontainer feature](https://code.visualstudio.com/docs/remote/containers) of VS Code
in combination with Docker Compose.

To use it, you have to have Docker Compose as well as vscode with its "Remote - Containers"
To use it, you have to have Docker Compose as well as VS Code with its "Remote - Containers"
extension (`ms-vscode-remote.remote-containers`) installed.
Then open this repository in vscode and run the command
`Remote-Containers: Reopen in Container` from the vscode "Command Palette".
Then open this repository in VS Code and run the command
`Remote-Containers: Reopen in Container` from the VS Code "Command Palette".

This will give you a full-fledged, pre-configured development environment including:
- infrastructural dependencies of the service (databases, etc.)
- all relevant vscode extensions pre-installed
- pre-configured linting and auto-formating
- all relevant VS Code extensions pre-installed
- pre-configured linting and auto-formatting
- a pre-configured debugger
- automatic license-header insertion

@@ -101,9 +104,11 @@ if you update dependencies in the [`./pyproject.toml`](./pyproject.toml) or the
[`./requirements-dev.txt`](./requirements-dev.txt), please run it again.

## License

This repository is free to use and modify according to the
[Apache 2.0 License](./LICENSE).

## Readme Generation
This readme is autogenerate, please see [`readme_generation.md`](./readme_generation.md)
## README Generation

This README file is auto-generated, please see [`readme_generation.md`](./readme_generation.md)
for details.
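Review bot: style, in the new "README Generation" text the sentence "This README file is auto-generated, please see ..." is a comma splice; write "is auto-generated; see" or split it into two sentences (the same wording is repeated in the `README.md` hunk of this commit, so fix it in the template and regenerate). While touching the "Development" section: the extension with id `ms-vscode-remote.remote-containers` has been renamed "Dev Containers" and its command is now `Dev Containers: Reopen in Container`; the id in the text is still correct, but the displayed names are out of date.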
1 change: 1 addition & 0 deletions .static_files
@@ -11,6 +11,7 @@
.devcontainer/dev_install
.devcontainer/license_header.txt
.devcontainer/Dockerfile
.devcontainer/devcontainer.json

scripts/script_utils/__init__.py
scripts/script_utils/cli.py
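Review bot: moving `.devcontainer/devcontainer.json` from `.mandatory_files` (whose header says a file's content "may differ from that of the template repository") to `.static_files` implies the file is now synced verbatim from the template; if so, the repository-specific parts added in this commit's `devcontainer.json` hunk (the `TC_HOST`/`DOCKER_HOST` `containerEnv` and the `docker-outside-of-docker` feature) must also exist in the template or they will be overwritten on the next sync. The commit message should state that the template already carries them.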
41 changes: 25 additions & 16 deletions README.md
@@ -66,25 +66,26 @@ path "secret/metadata/ekss/*" {


## Installation

We recommend using the provided Docker container.

A pre-build version is available at [docker hub](https://hub.docker.com/repository/docker/ghga/encryption-key-store-service):
```bash
docker pull ghga/encryption-key-store-service:0.3.7
docker pull ghga/encryption-key-store-service:0.3.8
```

Or you can build the container yourself from the [`./Dockerfile`](./Dockerfile):
```bash
# Execute in the repo's root dir:
docker build -t ghga/encryption-key-store-service:0.3.7 .
docker build -t ghga/encryption-key-store-service:0.3.8 .
```

For production-ready deployment, we recommend using Kubernetes, however,
for simple use cases, you could execute the service using docker
on a single server:
```bash
# The entrypoint is preconfigured:
docker run -p 8080:8080 ghga/encryption-key-store-service:0.3.7 --help
docker run -p 8080:8080 ghga/encryption-key-store-service:0.3.8 --help
```

If you prefer not to use containers, you may install the service from source:
@@ -97,19 +98,24 @@ ekss --help
```

## Configuration

### Parameters

The service requires the following configuration parameters:
- **`debug_vault`** *(boolean)*: If true, runs vault connections over http instead of https. Default: `false`.

- **`vault_host`** *(string)*: URL of the vault instance to connect to without port number.

- **`vault_port`** *(integer)*: Port number of the vault instance to connect to.
- **`vault_url`** *(string)*: URL of the vault instance to connect to.

- **`vault_role_id`** *(string, format: password)*: Vault role ID to access a specific prefix.

- **`vault_secret_id`** *(string, format: password)*: Vault secret ID to access a specific prefix.

- **`vault_verify`**: SSL certificates (CA bundle) used to verify the identity of the vault, or True to use the default CAs, or False for no verification. Default: `true`.

- **Any of**

- *boolean*

- *string*

- **`host`** *(string)*: IP of the host. Default: `"127.0.0.1"`.

- **`port`** *(integer)*: Port to expose the server on the specified host. Default: `8080`.
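Review bot: the parameter list replaces `vault_host`/`vault_port` with `vault_url` but still documents `debug_vault` as "runs vault connections over http instead of https", which is now decided by the scheme inside `vault_url`; say which setting wins when they disagree, and state that `vault_url` must include scheme and port (the dev config in this commit uses `http://127.0.0.1:8200`). The commit title announces a new `ca_bundle_location` option, but it does not appear in this generated list, and `vault_verify` already accepts a CA-bundle path as its string form; either the README was not regenerated after the config change or the option is missing from the config model, and in both cases the relation between `ca_bundle_location` and the string form of `vault_verify` needs one sentence.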
@@ -185,19 +191,20 @@ It uses protocol/provider pairs and dependency injection mechanisms provided by


## Development

For setting up the development environment, we rely on the
[devcontainer feature](https://code.visualstudio.com/docs/remote/containers) of vscode
[devcontainer feature](https://code.visualstudio.com/docs/remote/containers) of VS Code
in combination with Docker Compose.

To use it, you have to have Docker Compose as well as vscode with its "Remote - Containers"
To use it, you have to have Docker Compose as well as VS Code with its "Remote - Containers"
extension (`ms-vscode-remote.remote-containers`) installed.
Then open this repository in vscode and run the command
`Remote-Containers: Reopen in Container` from the vscode "Command Palette".
Then open this repository in VS Code and run the command
`Remote-Containers: Reopen in Container` from the VS Code "Command Palette".

This will give you a full-fledged, pre-configured development environment including:
- infrastructural dependencies of the service (databases, etc.)
- all relevant vscode extensions pre-installed
- pre-configured linting and auto-formating
- all relevant VS Code extensions pre-installed
- pre-configured linting and auto-formatting
- a pre-configured debugger
- automatic license-header insertion

@@ -209,9 +216,11 @@ if you update dependencies in the [`./pyproject.toml`](./pyproject.toml) or the
[`./requirements-dev.txt`](./requirements-dev.txt), please run it again.

## License

This repository is free to use and modify according to the
[Apache 2.0 License](./LICENSE).

## Readme Generation
This readme is autogenerate, please see [`readme_generation.md`](./readme_generation.md)
## README Generation

This README file is auto-generated, please see [`readme_generation.md`](./readme_generation.md)
for details.