Release v1.0.0

services/backend/hotpocket_backend/secrets/admin.py

@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+from __future__ import annotations
+
+from .base import BaseSecrets
+
+
+class AdminSecrets(BaseSecrets):
+    pass

services/backend/hotpocket_backend/secrets/aio/webapp.py

@@ -0,0 +1,58 @@
+# -*- coding: utf-8 -*-
+from __future__ import annotations
+
+import json
+import os
+
+from keep_it_secret import EnvField, LiteralField, SecretsField
+
+from hotpocket_backend.secrets.base import (
+    CelerySecrets,
+    DatabaseSecrets,
+    OIDCSecrets,
+)
+from hotpocket_backend.secrets.webapp import WebAppSecrets
+
+
+class DeploymentDatabaseSecrets(DatabaseSecrets):
+    payload: str = LiteralField.new(
+        json.dumps({
+            'engine': os.getenv('HOTPOCKET_BACKEND_DATABASE_ENGINE', 'django.db.backends.sqlite3'),
+            'name': os.getenv('HOTPOCKET_BACKEND_DATABASE_NAME', '/srv/run/hotpocket-backend-aio.sqlite'),
+            'user': os.getenv('HOTPOCKET_BACKEND_DATABASE_USER', ''),
+            'password': os.getenv('HOTPOCKET_BACKEND_DATABASE_PASSWORD', ''),
+            'host': os.getenv('HOTPOCKET_BACKEND_DATABASE_HOST', ''),
+            'port': os.getenv('HOTPOCKET_BACKEND_DATABASE_PORT', ''),
+        }),
+    )
+
+
+class DeploymentOIDCSecrets(OIDCSecrets):
+    payload: str | None = EnvField.new(
+        'HOTPOCKET_BACKEND_OIDC_PAYLOAD', default=None, required=False,
+    )
+
+
+class DeploymentCelerySecrets(CelerySecrets):
+    broker_url: str = EnvField.new(
+        'HOTPOCKET_BACKEND_CELERY_BROKER_URL',
+        default='amqp://guest@rabbitmq.aio.hotpocket/',
+        required=False,
+    )
+    result_backend: str = EnvField.new(
+        'HOTPOCKET_BACKEND_CELERY_RESULT_BACKEND',
+        default='disabled://',
+        required=False,
+    )
+
+
+class AIOWebAppSecrets(WebAppSecrets):
+    SECRET_KEY: str = EnvField.new('HOTPOCKET_BACKEND_SECRET_KEY')
+
+    DATABASE: DeploymentDatabaseSecrets = SecretsField.new(DeploymentDatabaseSecrets)
+    CELERY: DeploymentCelerySecrets = SecretsField.new(DeploymentCelerySecrets)
+
+    OIDC: DeploymentOIDCSecrets = SecretsField.new(DeploymentOIDCSecrets)
+
+
+__secrets__ = AIOWebAppSecrets()

services/backend/hotpocket_backend/secrets/base.py

@@ -0,0 +1,93 @@
+# -*- coding: utf-8 -*-
+from __future__ import annotations
+
+import json
+
+from keep_it_secret import AbstractField, LiteralField, Secrets, SecretsField
+
+
+class DatabaseSecrets(Secrets):
+    payload: str = AbstractField.new()
+
+    def get_decoded_payload(self) -> dict:
+        if hasattr(self, '_decoded_payload') is False:
+            self._decoded_payload = json.loads(self.payload)
+
+        return self._decoded_payload
+
+    @property
+    def engine(self) -> str:
+        return self.get_decoded_payload()['engine']
+
+    @property
+    def name(self) -> str:
+        return self.get_decoded_payload()['name']
+
+    @property
+    def user(self) -> str | None:
+        return self.get_decoded_payload().get('user', None)
+
+    @property
+    def password(self) -> str | None:
+        return self.get_decoded_payload().get('password', None)
+
+    @property
+    def host(self) -> str | None:
+        return self.get_decoded_payload().get('host', None)
+
+    @property
+    def port(self) -> str | None:
+        return self.get_decoded_payload().get('port', None)
+
+
+class OIDCSecrets(Secrets):
+    DEFAULT_SCOPE = ['roles']
+
+    payload: str | None = LiteralField.new(None)
+
+    def get_decoded_payload(self) -> dict:
+        if hasattr(self, '_decoded_payload') is False:
+            if self.payload is None:
+                self._decoded_payload = dict()
+            else:
+                self._decoded_payload = json.loads(self.payload)
+
+        return self._decoded_payload
+
+    @property
+    def is_enabled(self) -> bool:
+        return self.payload is not None
+
+    @property
+    def endpoint(self) -> str | None:
+        return self.get_decoded_payload().get('endpoint', None)
+
+    @property
+    def key(self) -> str | None:
+        return self.get_decoded_payload().get('key', None)
+
+    @property
+    def secret(self) -> str | None:
+        return self.get_decoded_payload().get('secret', None)
+
+    @property
+    def scope(self) -> list[str]:
+        return self.get_decoded_payload().get('scope', [*self.DEFAULT_SCOPE])
+
+    @property
+    def display_name(self) -> str:
+        return self.get_decoded_payload().get('display_name', 'OIDC')
+
+
+class CelerySecrets(Secrets):
+    broker_url: str = AbstractField.new()
+    result_backend: str = AbstractField.new()
+
+
+class BaseSecrets(Secrets):
+    SECRET_KEY: str = AbstractField.new()
+
+    DATABASE: DatabaseSecrets = SecretsField.new(DatabaseSecrets)
+    CELERY: CelerySecrets = SecretsField.new(CelerySecrets)
+
+    OIDC: OIDCSecrets = SecretsField.new(OIDCSecrets)

services/backend/hotpocket_backend/secrets/deployment/admin.py

@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+from __future__ import annotations
+
+from keep_it_secret import EnvField, SecretsField
+
+from hotpocket_backend.secrets.admin import AdminSecrets
+
+from .common import (
+    DeploymentCelerySecrets,
+    DeploymentDatabaseSecrets,
+    DeploymentOIDCSecrets,
+)
+
+
+class DeploymentAdminSecrets(AdminSecrets):
+    SECRET_KEY: str = EnvField.new('HOTPOCKET_BACKEND_SECRET_KEY')
+
+    DATABASE: DeploymentDatabaseSecrets = SecretsField.new(DeploymentDatabaseSecrets)
+    CELERY: DeploymentCelerySecrets = SecretsField.new(DeploymentCelerySecrets)
+
+    OIDC: DeploymentOIDCSecrets = SecretsField.new(DeploymentOIDCSecrets)
+
+
+__secrets__ = DeploymentAdminSecrets()

services/backend/hotpocket_backend/secrets/deployment/common.py

@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+from __future__ import annotations
+
+import json
+import os
+
+from keep_it_secret import EnvField, LiteralField
+
+from hotpocket_backend.secrets.base import (
+    CelerySecrets,
+    DatabaseSecrets,
+    OIDCSecrets,
+)
+
+
+class DeploymentDatabaseSecrets(DatabaseSecrets):
+    payload: str = LiteralField.new(
+        json.dumps({
+            'engine': os.getenv('HOTPOCKET_BACKEND_DATABASE_ENGINE', 'django.db.backends.postgresql'),
+            'name': os.getenv('HOTPOCKET_BACKEND_DATABASE_NAME', ''),
+            'user': os.getenv('HOTPOCKET_BACKEND_DATABASE_USER', ''),
+            'password': os.getenv('HOTPOCKET_BACKEND_DATABASE_PASSWORD', ''),
+            'host': os.getenv('HOTPOCKET_BACKEND_DATABASE_HOST', ''),
+            'port': os.getenv('HOTPOCKET_BACKEND_DATABASE_PORT', '5432'),
+        }),
+    )
+
+
+class DeploymentOIDCSecrets(OIDCSecrets):
+    payload: str | None = EnvField.new(
+        'HOTPOCKET_BACKEND_OIDC_PAYLOAD', default=None, required=False,
+    )
+
+
+class DeploymentCelerySecrets(CelerySecrets):
+    broker_url: str = EnvField.new(
+        'HOTPOCKET_BACKEND_CELERY_BROKER_URL',
+        default=None,
+        required=False,
+    )
+    result_backend: str = EnvField.new(
+        'HOTPOCKET_BACKEND_CELERY_RESULT_BACKEND',
+        default=None,
+        required=False,
+    )

services/backend/hotpocket_backend/secrets/deployment/webapp.py

@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+from __future__ import annotations
+
+from keep_it_secret import EnvField, SecretsField
+
+from hotpocket_backend.secrets.webapp import WebAppSecrets
+
+from .common import (
+    DeploymentCelerySecrets,
+    DeploymentDatabaseSecrets,
+    DeploymentOIDCSecrets,
+)
+
+
+class DeploymentWebAppSecrets(WebAppSecrets):
+    SECRET_KEY: str = EnvField.new('HOTPOCKET_BACKEND_SECRET_KEY')
+
+    DATABASE: DeploymentDatabaseSecrets = SecretsField.new(DeploymentDatabaseSecrets)
+    CELERY: DeploymentCelerySecrets = SecretsField.new(DeploymentCelerySecrets)
+
+    OIDC: DeploymentOIDCSecrets = SecretsField.new(DeploymentOIDCSecrets)
+
+
+__secrets__ = DeploymentWebAppSecrets()

services/backend/hotpocket_backend/secrets/webapp.py

@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+from __future__ import annotations
+
+from .base import BaseSecrets
+
+
+class WebAppSecrets(BaseSecrets):
+    pass