-
Notifications
You must be signed in to change notification settings - Fork 45
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' into task/updated-documentation
- Loading branch information
Showing
52 changed files
with
1,348 additions
and
315 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -14,6 +14,7 @@ nosetests.xml | |
.coverage | ||
.tox | ||
py_ms.egg-info/* | ||
.eggs/* | ||
pylintReport.txt | ||
.scannerwork/ | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,8 @@ | ||
include README.md | ||
include requirements.txt | ||
include requirements-tests.txt | ||
recursive-include pyms * | ||
recursive-include pyms * | ||
recursive-exclude tests * | ||
recursive-exclude examples * | ||
prune tests | ||
prune examples |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,36 +1,13 @@ | ||
[[source]] | ||
name = "pypi" | ||
url = "https://pypi.org/simple" | ||
verify_ssl = true | ||
name = "pypi" | ||
|
||
[packages] | ||
flask = ">=1.1.1" | ||
python-json-logger = ">=0.1.10" | ||
pyyaml = ">=5.1.2" | ||
anyconfig = ">=0.9.8" | ||
swagger-ui-bundle = ">=0.0.2" | ||
connexion = {extras = ["swagger-ui"],version = "==2.4.0"} | ||
jaeger-client = "==4.3.0" | ||
flask-opentracing = "*" | ||
opentracing = ">=2.1" | ||
opentracing-instrumentation = "==3.2.1" | ||
prometheus_client = ">=0.7.1" | ||
|
||
[dev-packages] | ||
requests-mock = "*" | ||
coverage = "==4.5.4" | ||
pytest = "*" | ||
pytest-cov = "*" | ||
pylint = "*" | ||
flake8 = "*" | ||
tox = "*" | ||
bandit = "*" | ||
mkdocs = "*" | ||
mkdocs-material = "*" | ||
lightstep = "==4.3.0" | ||
py-ms = {editable = true,extras = ["tests"],path = "."} | ||
|
||
[requires] | ||
python_version = "3.6" | ||
[packages] | ||
py-ms = {editable = true,extras = ["all"],path = "."} | ||
|
||
[pipenv] | ||
allow_prereleases = true | ||
[requires] | ||
python_version = "3.7" |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
# Commnand line | ||
|
||
PyMS has some command to make easy your developments: | ||
|
||
```bash | ||
pyms -h | ||
``` | ||
Show you a list of options and help instructions to use this command like: | ||
|
||
```bash | ||
usage: main.py [-h] [-v VERBOSE] {encrypt,create-key,startproject} ... | ||
|
||
Python Microservices | ||
|
||
optional arguments: | ||
-h, --help show this help message and exit | ||
-v VERBOSE, --verbose VERBOSE | ||
Verbose | ||
|
||
Commands: | ||
Available commands | ||
|
||
{encrypt,create-key,startproject} | ||
encrypt Encrypt a string | ||
create-key Generate a Key to encrypt strings in config | ||
startproject Generate a project from https://github.com/python- | ||
microservices/microservices-template | ||
|
||
``` | ||
|
||
## Start a project | ||
|
||
Command: | ||
```bash | ||
pyms startproject | ||
``` | ||
|
||
This command create a project template like [Microservices Scaffold](https://github.com/python-microservices/microservices-scaffold). | ||
This command use [cookiecutter](https://github.com/cookiecutter/cookiecutter) to download and install this [template](https://github.com/python-microservices/microservices-template) | ||
|
||
!!! warning | ||
You must run first `pip install cookiecutter==1.7.0` | ||
|
||
## Create a key encrypt/decrypt file | ||
|
||
Command: | ||
```bash | ||
pyms create-key | ||
``` | ||
|
||
Create a key file to encrypt strings in your configuration file. This key is created with [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). | ||
You can run the next command in the terminal. See [Encrypt/Decrypt Configuration](encrypt_decryt_configuration.md) | ||
for more information | ||
|
||
## Encrypt a string | ||
|
||
Command: | ||
```bash | ||
pyms encrypt [string] | ||
``` | ||
|
||
Encrypt a string to use in your [configfile](configuration.md) | ||
|
||
```bash | ||
pyms encrypt 'mysql+mysqlconnector://important_user:****@localhost/my_schema' | ||
>> Encrypted OK: b'gAAAAABeSwBJv43hnGAWZOY50QjBX6uGLxUb3Q6fcUhMxKspIVIco8qwwZvxRg930uRlsd47isroXzkdRRnb4-x2dsQMp0dln8Pm2ySHH7TryLbQYEFbSh8RQK7zor-hX6gB-JY3uQD3IMtiVKx9AF95D6U4ydT-OA==' | ||
``` | ||
|
||
See [Encrypt/Decrypt Configuration](encrypt_decryt_configuration.md) for more information |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
# Encrypt Configuration | ||
|
||
## Configuration | ||
|
||
When you work in multiple environments: local, dev, testing, production... you must set critical configuration in your | ||
variables, like: | ||
|
||
config.yml, for local propose: | ||
```yaml | ||
pyms: | ||
config: | ||
DEBUG: true | ||
TESTING: true | ||
APPLICATION_ROOT : "" | ||
SECRET_KEY: "gjr39dkjn344_!67#" | ||
SQLALCHEMY_DATABASE_URI: mysql+mysqlconnector://user_of_db:user_of_db@localhost/my_schema | ||
``` | ||
config_pro.yml, for production environment: | ||
```yaml | ||
pyms: | ||
config: | ||
DEBUG: true | ||
TESTING: true | ||
APPLICATION_ROOT : "" | ||
SECRET_KEY: "gjr39dkjn344_!67#" | ||
SQLALCHEMY_DATABASE_URI: mysql+mysqlconnector://important_user:****@localhost/my_schema | ||
``` | ||
You can move this file to a [Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/), | ||
use [Vault](https://learn.hashicorp.com/vault) or encrypt the configuration with [AWS KMS](https://aws.amazon.com/en/kms/) | ||
or [Google KMS](https://cloud.google.com/kms). We strongly recommended this ways to encrypt/decrypt your configuration, | ||
but if you want a no vendor locking option or you haven`t the resources to use this methods, we create a way to encrypt | ||
and decrypt your variables. | ||
|
||
## 1. Generate a key | ||
PyMS has a command line option to create a key file. This key is created with [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard). | ||
You can run the next command in the terminal: | ||
|
||
```bash | ||
pyms create-key | ||
``` | ||
|
||
Then, type a password and it will create a file called `key.key`. This file contains a unique key. If you loose this file | ||
and re-run the create command, the key hash will be different and your code encrypted with this key won't be able to be decrypted. | ||
|
||
Store the key in a secure site, and NOT COMMIT this key to your repository. | ||
|
||
|
||
## 2. Add your key to your environment | ||
|
||
Move, for example, your key to `mv key.key /home/my_user/keys/myproject.key` | ||
|
||
then, store this key in a environment variable with: | ||
|
||
```bash | ||
export KEY_FILE=/home/my_user/keys/myproject.key | ||
``` | ||
|
||
## 3. Encrypt your information and put in config | ||
|
||
Do you remember the example file `config_pro.yml`? Now you can encrypt and decrypt the information, you can run the command | ||
`pyms encrypt [string]` to generate a crypt string, for example: | ||
|
||
```bash | ||
pyms encrypt 'mysql+mysqlconnector://important_user:****@localhost/my_schema' | ||
>> Encrypted OK: b'gAAAAABeSwBJv43hnGAWZOY50QjBX6uGLxUb3Q6fcUhMxKspIVIco8qwwZvxRg930uRlsd47isroXzkdRRnb4-x2dsQMp0dln8Pm2ySHH7TryLbQYEFbSh8RQK7zor-hX6gB-JY3uQD3IMtiVKx9AF95D6U4ydT-OA==' | ||
``` | ||
|
||
And put this string in your `config_pro.yml`: | ||
```yaml | ||
pyms: | ||
config: | ||
DEBUG: true | ||
TESTING: true | ||
APPLICATION_ROOT : "" | ||
SECRET_KEY: "gjr39dkjn344_!67#" | ||
ENC_SQLALCHEMY_DATABASE_URI: gAAAAABeSwBJv43hnGAWZOY50QjBX6uGLxUb3Q6fcUhMxKspIVIco8qwwZvxRg930uRlsd47isroXzkdRRnb4-x2dsQMp0dln8Pm2ySHH7TryLbQYEFbSh8RQK7zor-hX6gB-JY3uQD3IMtiVKx9AF95D6U4ydT-OA== | ||
``` | ||
|
||
Do you see the difference between `ENC_SQLALCHEMY_DATABASE_URI` and `SQLALCHEMY_DATABASE_URI`? In the next step you | ||
can find the answer | ||
|
||
## 4. Decrypt from your config file | ||
|
||
Pyms knows if a variable is encrypted if this var start with the prefix `enc_` or `ENC_`. PyMS searchs for your key file | ||
in the `KEY_FILE` env variable and decrypt this value and store it in the same variable without the `enc_` prefix, | ||
por example, | ||
|
||
```yaml | ||
ENC_SQLALCHEMY_DATABASE_URI: gAAAAABeSwBJv43hnGAWZOY50QjBX6uGLxUb3Q6fcUhMxKspIVIco8qwwZvxRg930uRlsd47isroXzkdRRnb4-x2dsQMp0dln8Pm2ySHH7TryLbQYEFbSh8RQK7zor-hX6gB-JY3uQD3IMtiVKx9AF95D6U4ydT-OA== | ||
``` | ||
|
||
Will be stored as | ||
|
||
```bash | ||
SQLALCHEMY_DATABASE_URI: mysql+mysqlconnector://user_of_db:user_of_db@localhost/my_schema | ||
``` | ||
|
||
And you can access to this var with `current_app.config["SQLALCHEMY_DATABASE_URI"]` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
# Examples | ||
|
||
```bash | ||
pip install py-ms | ||
pip install py-ms[all] | ||
``` | ||
|
||
config.yml: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.