Repository files navigation

python-rasenmaeher-api

This application can be configured with environment variables. Below is a example list of available variables.You can find all available variables herehttps://github.com/pvarki/python-rasenmaeher-api/blob/main/src/rasenmaeher_api/settings.py.

You can create .env file in the root directory and place allenvironment variables here.

All environment variables should start with RM_ prefix.

For example if you see in your "rasenmaeher_api/settings.py" a variable named likerandom_parameter, you should provide the "RM_RANDOM_PARAMETER"variable to configure the value. This behaviour can be changed by overriding env_prefix propertyin rasenmaeher_api.settings.Settings.Config.

An example of .env file:`bashRM_RELOAD="True"RM_PORT="8000"RM_ENVIRONMENT="dev"`

You can read more about BaseSettings class here:https://pydantic-docs.helpmanual.io/usage/settings/

Integration APIs are always https in port 4625.Default location for the manifest is /pvarki/kraftwerk-rasenmaeher-init.json

`json{"dns": "sleepy-sloth.pvarki.fi","products": {"tak": "tak.sleepy-sloth.pvarki.fi","ptt": "ptt.sleepy-sloth.pvarki.fi"}}`

# REQUEST A NEW CERTIFICATE USING CSR (requires cfssl backend for the api container)

`curl -L -H "Content-Type: application/json" -d '{"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIIBUjCB+QIBADBqMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLZXhhbXBsZS5jb20x\nFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xEzARBgNVBAgTCkNhbGlmb3JuaWExGDAW\nBgNVBAMTD3d3dy5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA\nBK/CtZaQ4VliKE+DLIVGLwtSxJgtUKRzGvN1EwI3HRgKDQ3l3urBIzHtUcdMq6HZ\nb8jX0O9fXYUOf4XWggrLk1agLTArBgkqhkiG9w0BCQ4xHjAcMBoGA1UdEQQTMBGC\nD3d3dy5leGFtcGxlLmNvbTAKBggqhkjOPQQDAgNIADBFAiAcvfhXnsLtzep2sKSa\n36W7G9PRbHh8zVGlw3Hph8jR1QIhAKfrgplKwXcUctU5grjQ8KXkJV8RxQUo5KKs\ngFnXYtkb\n-----END CERTIFICATE REQUEST-----\n"}' 127.0.0.1:8000/api/v1/takreg | jq`

# REQUEST A NEW CERTIFICATE WITHOUT CSR (requires cfssl backend for the api container)

`curl -L -H "Content-Type: application/json" -d '{ "request": {"hosts":["harjoitus1.pvarki.fi"], "names":[{"C":"FI", "ST":"Jyvaskyla", "L":"KeskiSuomi", "O":"harjoitus1.pvarki.fi"}], "CN": "harjoitus1.pvarki.fi"}, "bundle":true, "profile":"client"}' 127.0.0.1:8000/takreg | jq`

# LIST CFSSL CRL LIST

`curl -L -H "Content-Type: application/json" -d '{ "request": {"hosts":["harjoitus1.pvarki.fi"], "names":[{"C":"FI", "ST":"Jyvaskyla", "L":"KeskiSuomi", "O":"harjoitus1.pvarki.fi"}], "CN": "harjoitus1.pvarki.fi"}, "bundle":true, "profile":"client"}' 127.0.0.1:8000/takreg | jq`

The cfssl used behind API listens this kind of stuffhttps://github.com/cloudflare/cfssl/blob/master/doc/api/endpoint_newcert.txt

# Enrollment - Enroll a new work_id

`curl -H "Content-Type: application/json" -d '{"work_id":"porakoira666"}' http://127.0.0.1:8000/api/v1/enrollment/init`

# Enrollment - Check the status and availability of work_id

`curl http://127.0.0.1:8000/api/v1/enrollment/status/koira`

# Enrollment - Request the download link using the provided work_id_hash

`curl http://127.0.0.1:8000/api/v1/enrollment/deliver/zxzxzxzxzxzxzxxzzx`

# Enrollment - Accept enrollment using permit_str

`curl -H "Content-Type: application/json" -d '{"enroll_str":"zxzxzxzxzxzxzxxzzx", "permit_str":"PaulinTaikaKaulinOnKaunis_PaulisMagicPinIsBuuutiful!11!1"}' http://127.0.0.1:8000/api/v1/enrollment/accept`

# Enrollment - Set download link for enrollment

`curl -H "Content-Type: application/json" -d '{"download_link":"https://kuvaton.com","enroll_str":"zxzxzxzxzxzxzxxzzx", "permit_str":"PaulinTaikaKaulinOnKaunis_PaulisMagicPinIsBuuutiful!11!1"}' http://127.0.0.1:8000/api/v1/enrollment/config/set-dl-link`

# Enrollment - Set state for enrollment

`curl -H "Content-Type: application/json" -d '{"state":"ReadyForDelivery","enroll_str":"zxzxzxzxzxzxzxxzzx", "permit_str":"PaulinTaikaKaulinOnKaunis_PaulisMagicPinIsBuuutiful!11!1"}' http://127.0.0.1:8000/api/v1/enrollment/config/set-state`

# Enrollment - Add new permit_str

`curl -H "Content-Type: application/json" -d '{"permissions_str":"all", "new_permit_hash":"too_short","permit_str":"PaulinTaikaKaulinOnKaunis_PaulisMagicPinIsBuuutiful!11!1"}' http://127.0.0.1:8000/api/v1/enrollment/config/add-manager`

For more controlled deployments and to get rid of "works on my computer" -syndrome, we alwaysmake sure our software works under docker.

It's also a quick way to get started with a standard development environment.

We needbuildkit:

export DOCKER_BUILDKIT=1

And also the exact way for forwarding agent to running instance is different on OSX:

export DOCKER_SSHAGENT="-v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK=/run/host-services/ssh-auth.sock"

and Linux:

export DOCKER_SSHAGENT="-v $SSH_AUTH_SOCK:$SSH_AUTH_SOCK -e SSH_AUTH_SOCK"

Build image, create container and start it:

docker build --ssh default --target devel_shell -t rasenmaeher_api:devel_shell .docker create --name rasenmaeher_api_devel -v `pwd`":/app" -it `echo $DOCKER_SSHAGENT` rasenmaeher_api:devel_shelldocker start -i rasenmaeher_api_devel

If working in Docker instead of native env you need to run the pre-commit checks in docker too:

docker exec -i rasenmaeher_api_devel /bin/bash -c "pre-commit install --install-hooks"docker exec -i rasenmaeher_api_devel /bin/bash -c "pre-commit run --all-files"

You need to have the container running, see above. Or alternatively use the docker run syntax but usingthe running container is faster:

docker run --rm -it -v `pwd`":/app" rasenmaeher_api:devel_shell -c "pre-commit run --all-files"

You can use the devel shell to run py.test when doing development, for CI usethe "tox" target in the Dockerfile:

docker build --ssh default --target tox -t rasenmaeher_api:tox .docker run --rm -it --network host -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`":/app" `echo $DOCKER_SSHAGENT` rasenmaeher_api:tox

NOTE: This will not work from the git submodule directory in the integration repo, docker testsmust be run from the original repo.

There's a "production" target as well for running the application, remember to change thatarchitecture tag to arm64 if building on ARM:

docker build --ssh default --target production -t rasenmaeher_api:amd64-latest .docker run --rm -it --name rasenmaeher_openapijson rasenmaeher_api:amd64-latest rasenmaeher_api openapidocker run -it --name rasenmaeher_api rasenmaeher_api:amd64-latest

There is also a specific target for just dumping the openapi.json:

docker build --ssh default --target openapi -t rasenmaeher_api:amd64-openapi .docker run --rm -it --name rasenmaeher_openapijson rasenmaeher_api:amd64-openapi

TLDR:

• Create and activate a Python 3.11 virtualenv (assuming virtualenvwrapper):

  mkvirtualenv -p `which python3.11` my_virtualenv

• change to a branch:

  git checkout -b my_branch

• install Poetry:https://python-poetry.org/docs/#installation

• Install project deps and pre-commit hooks:

  poetry installpre-commit install --install-hookspre-commit run --all-files

• Ready to go.

Remember to activate your virtualenv whenever working on the repo, this is neededbecause pylint and mypy pre-commit hooks use the "system" python for now (because reasons).