Improved code quality (#7)

- Squashed potential bugs. - Deepsource tags: BAN-B104, PTC-W0019, PTC-W0049, PYL-W0125, BAN-B605, PYL-R1710, PYL-R1722, PYL-W0621, PYL-W0613.
bearlike · Apr 10, 2022 · 57d1a82 · 57d1a82
1 parent 0b25f4d
commit 57d1a82
Show file tree

Hide file tree

Showing 11 changed files with 29 additions and 19 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -36,7 +36,7 @@ jobs:
         env:
           IMG_NAME: ${{ 'krishnaalagiri/ssm' }}
           # Versioning: MAJOR.MINOR.PATCH (eg., 1.2.3)
-          VERSION_FULL: ${{ '1.1.1' }}
+          VERSION_FULL: ${{ '1.1.2' }}
           # For v1.2.3, VERSION_SHORT is '1.2'
           VERSION_SHORT: ${{ '1.1' }}
           # For v1.2.3, VERSION_MAJOR is '1'

diff --git a/Access/is_auth.py b/Access/is_auth.py
@@ -10,19 +10,21 @@
 
 
 @token.verify_token
-def abort_if_authorization_fail(token):
+def abort_if_authorization_fail(token_to_check):
     """ Check if an API token is valid
     Args:
-        token (str): API Token
+        token_to_check (str): API Token
     """
-    check, username = conn.tokens.is_authorized(token)
+    check, username = conn.tokens.is_authorized(token_to_check)
     if check:
         return username
     api.abort(401, "Not Authorized to access the requested resource")
+    return None
 
 
 @userpass.verify_password
 def verify_userpass(username, password):
     if conn.userpass.is_authorized(username, password):
         return username
     api.abort(401, "Not Authorized to access the requested resource")
+    return None
diff --git a/Access/tokens.py b/Access/tokens.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 """ Token authentication for Secrets Manager
 """
-# TODO: Max TTL, Access Control
+# TODO: Implement Max TTL, Access Control
 
 from bson.timestamp import Timestamp
 import datetime as dt
@@ -30,6 +30,7 @@ def generate(self, username, max_ttl=15811200):
         data = {
             "token": token,
             "owner": username,
+            "max_ttl": max_ttl,
             "generated_on": Timestamp(int(dt.datetime.today().timestamp()), 1),
         }
         _ = self._tokens.insert_one(data)
@@ -66,4 +67,5 @@ def is_authorized(self, token):
         return True, finder["owner"]
 
     def renew(self):
+        # TODO: Implement renew to extend MAX TTL
         pass
diff --git a/Api/api.py b/Api/api.py
@@ -17,7 +17,7 @@
 
 conn = Connection()
 api_v1 = Blueprint("api", __name__, url_prefix="/api")
-api = Api(api_v1, version="1.1.1", title="Simple Secrets Manager",
+api = Api(api_v1, version="1.1.2", title="Simple Secrets Manager",
           description="Secrets management simplified",
           authorizations=authorizations)
 app = Flask(__name__)
@@ -26,6 +26,7 @@
 
 # Import API Resources
 # The below conditions prevents IDE auto-formatting
+# skipcq: PYL-W0125
 if True:
     # Secret Engines
     from Api.resources.secrets.kv_resource import Engine_KV  # noqa: F401

diff --git a/Dockerfile b/Dockerfile
@@ -3,7 +3,7 @@
 FROM python:3.8-slim-buster
 
 LABEL com.ssm.title="Simple Secrets Manager"
-LABEL com.ssm.version="1.1.1"
+LABEL com.ssm.version="1.1.2"
 LABEL com.ssm.author.name="Krishnakanth Alagiri"
 LABEL com.ssm.author.github="https://github.com/bearlike"
 LABEL com.ssm.repo="https://github.com/bearlike/simple-secrets-manager"

diff --git a/Engines/kv.py b/Engines/kv.py
@@ -40,7 +40,7 @@ def add(self, path, key, value):
             # Create a Path where kv(s) goes into
             finder = {
                 "path": path,
-                "data": dict(),
+                "data": {},
             }
             _ = self._kv.insert_one(finder)
         if key not in finder["data"].keys():

diff --git a/build.sh b/build.sh
@@ -4,7 +4,7 @@
 # $ docker login -u <username>
 #
 # We try to follow [SemVer v2.0.0](https://semver.org/)
-VERSION="1.1.1"
+VERSION="1.1.2"
 # If $VERSION = "1.2.3"
 # ${VERSION::3} will be "1.2"
 # ${VERSION::1} will be "1"

diff --git a/connection.py b/connection.py
@@ -1,12 +1,13 @@
 #!/usr/bin/env python3
-""" Brains for the Secrets Manager
+""" Database model for the Secrets Manager
 """
 import pymongo
 import logging
 import os
-# Secret Engines
+import sys
+# Secret engines imports
 from Engines.kv import Key_Value_Secrets as _KV
-# Auth Methods
+# Auth methods imports
 from Access.tokens import Tokens as _Tokens
 from Access.userpass import User_Pass as _User_Pass
 
@@ -15,7 +16,7 @@ class Connection:
     def __init__(self):
         if os.environ.get("CONNECTION_STRING") is None:
             logging.error("CONNECTION_STRING variable not found")
-            exit(-1)
+            sys.exit(-1)
         # Create a connection using MongoClient.
         self._client = pymongo.MongoClient(os.environ["CONNECTION_STRING"])
         self._data = self._client["secrets_manager_data"]

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -22,7 +22,7 @@ services:
     networks:
       - app-tier
 
-  app:
+  ssm-app:
     image: krishnaalagiri/ssm:latest
     restart: always
     depends_on:

diff --git a/docs/README_dockerhub.md b/docs/README_dockerhub.md
@@ -13,7 +13,8 @@ Secure storage, and delivery for tokens, passwords, API keys, and other secrets
 
 
 ## Supported tags and respective [Dockerfile](https://github.com/bearlike/simple-secrets-manager/blob/main/Dockerfile) links
-- [`1.1.1`, `1.1`, `1`, `latest`](https://github.com/bearlike/simple-secrets-manager/blob/releases/v1.1.1/Dockerfile)
+- [`1.1.2`, `1.1`, `1`, `latest`](https://github.com/bearlike/simple-secrets-manager/blob/releases/v1.1.2/Dockerfile)
+- [`1.1.1`](https://github.com/bearlike/simple-secrets-manager/blob/releases/v1.1.1/Dockerfile)
 - [`1.1.0`](https://github.com/bearlike/simple-secrets-manager/blob/releases/v1.1.0/Dockerfile)
 - [`1.0.0`, `1.0`](https://github.com/bearlike/simple-secrets-manager/blob/releases/v1.0.0/Dockerfile)
 
@@ -49,13 +50,16 @@ Hashi Corp Vault works well but it was meant for enterprises. Therefore, it was
 ## Getting started
 ### Automated Install: [`docker-compose`](https://docs.docker.com/compose/install/) (Recommended)
 1. Run the [stack](https://github.com/bearlike/simple-secrets-manager/blob/main/docker-compose.yml) by executing `docker-compose up -d`.
-
+2. Stop stack by executing `docker-compose down`
 ```yaml
 version: '3'
 volumes:
   mongo_data:
 
 services:
+  # From v5.0.0, mongoDB requires atleast ARMv8.2-A microarchitecture to run.
+  # So we're going with v4 to improve compatibility on SBCs such as
+  # Raspberry Pi 4 and Odroid C2 with ARMv8.0-A
   mongo:
     image: mongo:4
     restart: always
@@ -67,8 +71,9 @@ services:
     networks:
       - app-tier
 
-  app:
+  ssm-app:
     image: krishnaalagiri/ssm:latest
+    restart: always
     depends_on:
       - mongo
     ports:

diff --git a/server.py b/server.py
@@ -15,13 +15,12 @@
 
 def init_app():
     from Api.api import app
-    app.run(host='0.0.0.0',
+    app.run(host=os.environ.get("BIND_HOST", '0.0.0.0'),
             port=os.environ.get("PORT", 5000),
             debug=bool(strtobool(os.getenv('DEBUG', 'False'))),
             use_reloader=True)
 
 
 if __name__ == "__main__":
-    os.system('cls' if os.name == 'nt' else 'clear')
     print("Server started...")
     init_app()