fix: dependencies update and settings fix

KiraLT · Jul 29, 2022 · 0264d8f · 0264d8f
1 parent 79f9920
commit 0264d8f
Show file tree

Hide file tree

Showing 6 changed files with 649 additions and 642 deletions.
diff --git a/app/handler.py b/app/handler.py
@@ -2,12 +2,14 @@
 
 import shutil
 
-from app.settings import settings
+from app.settings import load_settings
 from app.services.certbot import obtain_certbot_certs
 from app.services.aws import list_secret_names, upload_certs_as_secrets
 
 
 def handler(_event, _context):
+    settings = load_settings()
+
     try:
         shutil.rmtree(str(settings.CERTBOT_DIR), ignore_errors=True)
 
@@ -23,14 +25,14 @@ def handler(_event, _context):
             preferred_chain=settings.CERTBOT_PREFERRED_CHAIN,
             extra_args=settings.CERTBOT_EXTRA_ARGS,
             credentials=settings.CERTBOT_CREDENTIALS,
-            propagation_seconds=settings.CERTBOT_PROPAGATION_SECONDS
+            propagation_seconds=settings.CERTBOT_PROPAGATION_SECONDS,
         )
 
         upload_certs_as_secrets(
             certs,
             name=settings.AWS_SECRET_NAME,
             secret_names=secret_names,
-            description=settings.AWS_SECRET_DESCRIPTION
+            description=settings.AWS_SECRET_DESCRIPTION,
         )
     finally:
         shutil.rmtree(str(settings.CERTBOT_DIR), ignore_errors=True)

diff --git a/app/services/aws.py b/app/services/aws.py
@@ -11,7 +11,7 @@ def list_secret_names() -> list[str]:
 
 
 def upload_certs_as_secrets(
-    certs: list[Cert], name: str, secret_names: list[str] = None, description: str = ''
+    certs: list[Cert], name: str, secret_names: list[str] = None, description: str = ""
 ) -> None:
     for cert in certs:
         name = name.format(domain=slugify(cert.domain))
@@ -20,12 +20,15 @@ def upload_certs_as_secrets(
             name=name,
             data={f.name: f.content for f in cert.files},
             secret_names=secret_names,
-            description=description
+            description=description,
         )
 
 
 def create_or_update_secret(
-    name: str, data: dict[str, str], secret_names: list[str] = None, description: str = ''
+    name: str,
+    data: dict[str, str],
+    secret_names: list[str] = None,
+    description: str = "",
 ):
     secretsmanager = client("secretsmanager")
     secret_names = secret_names if secret_names is not None else list_secret_names()

diff --git a/app/services/certbot.py b/app/services/certbot.py
@@ -25,7 +25,7 @@ def obtain_certbot_certs(
     preferred_chain: str = None,
     extra_args: list[str] = None,
     credentials: str = None,
-    propagation_seconds: Int = None
+    propagation_seconds: int = None,
 ) -> list[Cert]:
     certbot_args = [
         # Override directory paths so script doesn't have to be run as root
@@ -56,22 +56,21 @@ def obtain_certbot_certs(
         "--domains",
         ",".join(domains),
         # Rewrite preferred chain
-        *([
-            "--preferred-chain",
-            preferred_chain
-        ] if preferred_chain else []),
+        *(["--preferred-chain", preferred_chain] if preferred_chain else []),
         # Credentials file
-        *([
-            f"--{dns_plugin}-credentials",
-            create_tmp_file(credentials)
-        ] if credentials else []),
+        *(
+            [f"--{dns_plugin}-credentials", create_tmp_file(credentials)]
+            if credentials
+            else []
+        ),
         # The number of seconds to wait for DNS
-        *([
-            f"--{dns_plugin}-propagation-seconds",
-            propagation_seconds
-        ] if propagation_seconds else []),
+        *(
+            [f"--{dns_plugin}-propagation-seconds", propagation_seconds]
+            if propagation_seconds
+            else []
+        ),
         ## Add custom arguments
-        *(extra_args or [])
+        *(extra_args or []),
     ]
     certbot.main.main(certbot_args)
 
@@ -81,7 +80,7 @@ def obtain_certbot_certs(
 def create_tmp_file(content: str) -> str:
     tmpFile = NamedTemporaryFile(delete=False)
 
-    with open(tmpFile, 'w') as f:
+    with open(tmpFile, "w") as f:
         f.write(content)
 
     return tmpFile.name
@@ -91,14 +90,10 @@ def read_certs_from_path(path: Path) -> list[Cert]:
     certs: list[Cert] = []
     cert_files = ["fullchain.pem", "chain.pem", "privkey.pem", "cert.pem"]
 
-    domains = [
-        v.name
-        for v in path.iterdir()
-        if v.is_dir()
-    ]
+    domains = [v.name for v in path.iterdir() if v.is_dir()]
 
     for domain in domains:
-        if domain.startswith('*.'):
+        if domain.startswith("*."):
             domain = domain[2:]
 
         domain_path = path.joinpath(domain)

diff --git a/app/settings.py b/app/settings.py
@@ -15,12 +15,17 @@ class Settings:
     AWS_DEFAULT_REGION: str
     AWS_SECRET_DESCRIPTION: str
     CERTBOT_PREFERRED_CHAIN: str = None
+    CERTBOT_EXTRA_ARGS: list[str] = None
+    CERTBOT_CREDENTIALS: str = None
+    CERTBOT_PROPAGATION_SECONDS: str = None
 
 
-def read_env(name: str, required: bool = False, multi=False, default=None, delimiter=","):
+def read_env(
+    name: str, required: bool = False, multi=False, default=None, delimiter=","
+):
     value = getenv(name)
 
-    if required and not name:
+    if required and not value:
         raise ValueError(f"Environment variable {name} is required")
 
     if multi:
@@ -34,21 +39,25 @@ def read_env(name: str, required: bool = False, multi=False, default=None, delim
     return default if default is not None else value
 
 
-load_dotenv()
-
-settings = Settings(
-    CERTBOT_EMAILS=read_env("CERTBOT_EMAILS", required=True, multi=True),
-    CERTBOT_DOMAINS=read_env("CERTBOT_DOMAINS", required=True, multi=True),
-    CERTBOT_DNS_PLUGIN=read_env("CERTBOT_DNS_PLUGIN", required=True),
-    CERTBOT_SERVER=read_env(
-        "CERTBOT_SERVER", default="https://acme-v02.api.letsencrypt.org/directory"
-    ),
-    CERTBOT_DIR=Path(read_env("CERTBOT_DIR", default="/tmp/certbot")).resolve(),
-    AWS_DEFAULT_REGION=read_env("AWS_DEFAULT_REGION", required=True),
-    AWS_SECRET_NAME=read_env("AWS_SECRET_NAME", default="certbot-{domain}"),
-    AWS_SECRET_DESCRIPTION=read_env("AWS_SECRET_DESCRIPTION", default="Auto generated SSL certificate by lambda-certbot"),
-    CERTBOT_PREFERRED_CHAIN=read_env("CERTBOT_PREFERRED_CHAIN"),
-    CERTBOT_EXTRA_ARGS=read_env("CERTBOT_EXTRA_ARGS", multi=True, delimiter=" "),
-    CERTBOT_CREDENTIALS=read_env("CERTBOT_CREDENTIALS"),
-    CERTBOT_PROPAGATION_SECONDS=read_env("CERTBOT_PROPAGATION_SECONDS")
-)
+def load_settings() -> Settings:
+    load_dotenv()
+
+    return Settings(
+        CERTBOT_EMAILS=read_env("CERTBOT_EMAILS", required=True, multi=True),
+        CERTBOT_DOMAINS=read_env("CERTBOT_DOMAINS", required=True, multi=True),
+        CERTBOT_DNS_PLUGIN=read_env("CERTBOT_DNS_PLUGIN", required=True),
+        CERTBOT_SERVER=read_env(
+            "CERTBOT_SERVER", default="https://acme-v02.api.letsencrypt.org/directory"
+        ),
+        CERTBOT_DIR=Path(read_env("CERTBOT_DIR", default="/tmp/certbot")).resolve(),
+        AWS_DEFAULT_REGION=read_env("AWS_DEFAULT_REGION", required=True),
+        AWS_SECRET_NAME=read_env("AWS_SECRET_NAME", default="certbot-{domain}"),
+        AWS_SECRET_DESCRIPTION=read_env(
+            "AWS_SECRET_DESCRIPTION",
+            default="Auto generated SSL certificate by lambda-certbot",
+        ),
+        CERTBOT_PREFERRED_CHAIN=read_env("CERTBOT_PREFERRED_CHAIN"),
+        CERTBOT_EXTRA_ARGS=read_env("CERTBOT_EXTRA_ARGS", multi=True, delimiter=" "),
+        CERTBOT_CREDENTIALS=read_env("CERTBOT_CREDENTIALS"),
+        CERTBOT_PROPAGATION_SECONDS=read_env("CERTBOT_PROPAGATION_SECONDS"),
+    )