diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml new file mode 100644 index 0000000..5c1fab5 --- /dev/null +++ b/.github/workflows/python-publish.yml @@ -0,0 +1,41 @@ +name: pypi-publish + +on: + release: + types: + - published + push: + branches: + - main + paths: + - '**/*.py' + workflow_dispatch: + inputs: + dry_run: + type: choice + description: Dry run mode + required: true + options: + - "true" + - "false" + +jobs: + pypi-publisher: + runs-on: thevickypedia-lite + steps: + - name: Set dry-run + run: | + if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then + echo "::notice title=DryRun::Setting dry run to ${{ inputs.dry_run }} for '${{ github.event_name }}' event" + echo "dry_run=${{ inputs.dry_run }}" >> $GITHUB_ENV + elif [[ "${{ github.event_name }}" == "push" ]]; then + echo "::notice title=DryRun::Setting dry run to true for '${{ github.event_name }}' event" + echo "dry_run=true" >> $GITHUB_ENV + else + echo "::notice title=DryRun::Setting dry run to false for '${{ github.event_name }}' event" + echo "dry_run=false" >> $GITHUB_ENV + fi + - uses: thevickypedia/pypi-publisher@v3 + with: + token: ${{ secrets.PYPI_TOKEN }} + dry-run: ${{ env.dry_run }} diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..c113497 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,43 @@ +[project] +name = "VaultAPI" +dynamic = ["version", "dependencies"] +description = "API to create and retrieve secrets from an encrypted vault." +readme = "README.md" +authors = [{ name = "Vignesh Rao", email = "svignesh1793@gmail.com" }] +license = { file = "LICENSE" } +classifiers = [ + "License :: OSI Approved :: MIT License", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Development Status :: 2 - Pre-Alpha", + "Operating System :: MacOS :: MacOS X", + "Operating System :: Microsoft :: Windows", + "Operating System :: POSIX :: Linux" +] +keywords = ["vaultapi", "vault", "fastapi"] +requires-python = ">=3.10" + +[tool.setuptools] +packages = ["vaultapi"] + +[tool.setuptools.dynamic] +version = {attr = "vaultapi.version"} +dependencies = { file = ["requirements.txt"] } + +[project.optional-dependencies] +dev = ["sphinx==5.1.1", "pre-commit", "recommonmark", "gitverse"] + +[project.scripts] +# sends all the args to commandline function, where the arbitary commands as processed accordingly +vaultapi = "vaultapi:commandline" + +[build-system] +requires = ["setuptools", "wheel"] +build-backend = "setuptools.build_meta" + +[project.urls] +Homepage = "https://github.com/thevickypedia/VaultAPI" +Docs = "https://thevickypedia.github.io/VaultAPI" +Source = "https://github.com/thevickypedia/VaultAPI" +"Bug Tracker" = "https://github.com/thevickypedia/VaultAPI/issues" +"Release Notes" = "https://github.com/thevickypedia/VaultAPI/blob/main/release_notes.rst" diff --git a/vaultapi/__init__.py b/vaultapi/__init__.py index 912f9f6..1d0b750 100644 --- a/vaultapi/__init__.py +++ b/vaultapi/__init__.py @@ -1,3 +1,72 @@ +import sys + +import click +from cryptography.fernet import Fernet + from vaultapi.main import start # noqa: F401 version = "0.0.0" + + +@click.command() +@click.argument("run", required=False) +@click.argument("start", required=False) +@click.argument("keygen", required=False) +@click.option("--version", "-V", is_flag=True, help="Prints the version.") +@click.option("--help", "-H", is_flag=True, help="Prints the help section.") +@click.option( + "--env", + "-E", + type=click.Path(exists=True), + help="Environment configuration filepath.", +) +def commandline(*args, **kwargs) -> None: + """Starter function to invoke vaultapi via CLI commands. + + **Flags** + - ``--version | -V``: Prints the version. + - ``--help | -H``: Prints the help section. + - ``--env | -E``: Environment configuration filepath. + + **Commands** + ``encryptor | decryptor``: Initiates the API server. + """ + assert sys.argv[0].lower().endswith("vaultapi"), "Invalid commandline trigger!!" + options = { + "--version | -V": "Prints the version.", + "--help | -H": "Prints the help section.", + "--env | -E": "Environment configuration filepath.", + "start | run": "Initiates the API server.", + } + # weird way to increase spacing to keep all values monotonic + _longest_key = len(max(options.keys())) + _pretext = "\n\t* " + choices = _pretext + _pretext.join( + f"{k} {'·' * (_longest_key - len(k) + 8)}→ {v}".expandtabs() + for k, v in options.items() + ) + if kwargs.get("version"): + click.echo(f"vaultapi {version}") + sys.exit(0) + if kwargs.get("help"): + click.echo( + f"\nUsage: vaultapi [arbitrary-command]\nOptions (and corresponding behavior):{choices}" + ) + sys.exit(0) + trigger = kwargs.get("start") or kwargs.get("run") or kwargs.get("keygen") or "" + if trigger and trigger.lower() in ("start", "run"): + # Click doesn't support assigning defaults like traditional dictionaries, so kwargs.get("max", 100) won't work + start(env_file=kwargs.get("env")) + sys.exit(0) + elif trigger.lower() == "keygen": + key = Fernet.generate_key() + click.secho( + f"\nStore this as 'secret' or pass it as kwargs\n\n{key.decode()}\n" + ) + sys.exit(0) + else: + click.secho(f"\n{kwargs}\nNo command provided", fg="red") + click.echo( + f"Usage: vaultapi [arbitrary-command]\nOptions (and corresponding behavior):{choices}" + ) + sys.exit(1) diff --git a/vaultapi/main.py b/vaultapi/main.py index 0202498..f75eab0 100644 --- a/vaultapi/main.py +++ b/vaultapi/main.py @@ -15,12 +15,11 @@ def start(**kwargs) -> None: Keyword Args: env_file: Env filepath to load the environment variables. - apikey: API Key for authentication. - ninja_host: Hostname for the API server. - ninja_port: Port number for the API server. + apikey: API Key to authenticate the server. + secret: Secret access key to access the secret content. + host: Hostname for the API server. + port: Port number for the API server. workers: Number of workers for the uvicorn server. - remote_execution: Boolean flag to enable remote execution. - api_secret: Secret access key for running commands on server remotely. database: FilePath to store the auth database that handles the authentication errors. rate_limit: List of dictionaries with ``max_requests`` and ``seconds`` to apply as rate limit. log_config: Logging configuration as a dict or a FilePath. Supports .yaml/.yml, .json or .ini formats.