Removed HVAC handler and changed deployment to Kubernetes
This commit is contained in:
parent
aab311dc86
commit
5bd757e875
@ -8,4 +8,4 @@ WORKDIR /app
|
||||
|
||||
COPY src/ /app/
|
||||
|
||||
ENTRYPOINT ["sh", "-c", "sleep 10 && python main.py"]
|
||||
ENTRYPOINT ["python","main.py"]
|
||||
|
||||
@ -2,23 +2,18 @@ annotated-types==0.7.0
|
||||
anyio==4.11.0
|
||||
argon2-cffi==25.1.0
|
||||
argon2-cffi-bindings==25.1.0
|
||||
certifi==2025.10.5
|
||||
cffi==2.0.0
|
||||
charset-normalizer==3.4.3
|
||||
click==8.3.0
|
||||
fastapi==0.118.0
|
||||
h11==0.16.0
|
||||
hvac==2.3.0
|
||||
idna==3.10
|
||||
mysql-connector-python==9.4.0
|
||||
pika==1.3.2
|
||||
pycparser==2.23
|
||||
pydantic==2.11.10
|
||||
pydantic_core==2.33.2
|
||||
requests==2.32.5
|
||||
pydantic==2.12.0
|
||||
pydantic_core==2.41.1
|
||||
sniffio==1.3.1
|
||||
starlette==0.48.0
|
||||
typing-inspection==0.4.2
|
||||
typing_extensions==4.15.0
|
||||
urllib3==2.5.0
|
||||
uvicorn==0.37.0
|
||||
|
||||
@ -1,14 +1,13 @@
|
||||
import mysql.connector
|
||||
from mysql.connector import pooling
|
||||
import threading
|
||||
from hvac_handler import get_secret
|
||||
from secret_handler import return_credentials
|
||||
import os
|
||||
import time
|
||||
import sys
|
||||
|
||||
|
||||
db_username = get_secret("secret/api-internal/db", "username")
|
||||
db_password = get_secret("secret/api-internal/db", "password")
|
||||
db_username = return_credentials("/etc/secrets/db_username")
|
||||
db_password = return_credentials("/etc/secrets/db_password")
|
||||
db_host = os.getenv("BACKEND_API_INTERNAL_DB_HOST","localhost")
|
||||
db_database = os.getenv("BACKEND_API_INTERNAL_DB_DATABASE","app")
|
||||
|
||||
|
||||
@ -1,44 +0,0 @@
|
||||
import hvac
|
||||
import base64
|
||||
import os
|
||||
import time
|
||||
import sys
|
||||
|
||||
HVAC_AGENT_URL = os.getenv("HVAC_AGENT_URL","http://vault-agent:8201")
|
||||
|
||||
MAX_RETRIES = 5
|
||||
BACKOFF = 5
|
||||
|
||||
def get_client():
|
||||
for attempt in range(1, MAX_RETRIES+1):
|
||||
try:
|
||||
client = hvac.Client(url=HVAC_AGENT_URL)
|
||||
if client.is_authenticated():
|
||||
return client
|
||||
raise Exception("Not authenticated")
|
||||
except Exception as e:
|
||||
print(f"Vault connection failed (attempt {attempt}/{MAX_RETRIES}): {e}")
|
||||
time.sleep(BACKOFF * attempt)
|
||||
print("Vault unreachable after retries. Exiting.")
|
||||
sys.exit(1)
|
||||
|
||||
client = get_client()
|
||||
|
||||
def get_secret(path:str, key:str):
|
||||
try:
|
||||
secret = client.secrets.kv.v2.read_secret_version(
|
||||
mount_point="kv",
|
||||
path=path
|
||||
)
|
||||
return secret["data"]["data"][key]
|
||||
except Exception as e:
|
||||
print(f"Failed to fetch secret '{path}:{key}': {e}")
|
||||
sys.exit(1)
|
||||
|
||||
def decrypt_token(ciphertext: str) -> str:
|
||||
response = client.secrets.transit.decrypt_data(
|
||||
name="push-tokens",
|
||||
ciphertext=ciphertext
|
||||
)
|
||||
plaintext_b64 = response["data"]["plaintext"]
|
||||
return base64.b64decode(plaintext_b64).decode()
|
||||
@ -1,13 +1,17 @@
|
||||
import pika
|
||||
from typing import Dict
|
||||
from secret_handler import return_credentials
|
||||
import ssl
|
||||
from hvac_handler import get_secret
|
||||
import json
|
||||
import time
|
||||
import sys
|
||||
import os
|
||||
|
||||
rmq_username = get_secret("secret/api-internal/rmq", "username")
|
||||
rmq_password = get_secret("secret/api-internal/rmq", "password")
|
||||
rmq_username = return_credentials("/etc/secrets/rmq_username")
|
||||
rmq_password = return_credentials("/etc/secrets/rmq_password")
|
||||
rmq_host = os.getenv("BACKEND_API_INTERNAL_RMQ_HOST","localhost")
|
||||
rmq_vhost = os.getenv("BACKEND_API_INTERNAL_RMQ_VHOST","app_notifications")
|
||||
rmq_exchange = os.getenv("BACKEND_API_INTERNAL_RMQ_EXCHANGE","app_notifications")
|
||||
|
||||
MAX_RETRIES = 5
|
||||
RETRY_DELAY = 5
|
||||
@ -18,21 +22,21 @@ def send_message_to_rmq(user_id: int, message: Dict):
|
||||
context.check_hostname = False
|
||||
ssl_options = pika.SSLOptions(context)
|
||||
conn_params = pika.ConnectionParameters(
|
||||
host="localhost",
|
||||
host=rmq_host,
|
||||
port=5671,
|
||||
ssl_options=ssl_options,
|
||||
credentials=credentials,
|
||||
virtual_host="app_notifications"
|
||||
virtual_host=rmq_vhost
|
||||
)
|
||||
|
||||
for attempt in range(1, MAX_RETRIES + 1):
|
||||
try:
|
||||
connection = pika.BlockingConnection(conn_params)
|
||||
channel = connection.channel()
|
||||
channel.exchange_declare(exchange="app_notifications", exchange_type="topic", durable=True)
|
||||
channel.exchange_declare(exchange=rmq_exchange, exchange_type="topic", durable=True)
|
||||
channel.confirm_delivery()
|
||||
channel.basic_publish(
|
||||
exchange='app_notifications',
|
||||
exchange=rmq_exchange,
|
||||
routing_key=f"notify.user.{user_id}",
|
||||
body=json.dumps(message),
|
||||
properties=pika.BasicProperties(
|
||||
|
||||
3
src/secret_handler.py
Normal file
3
src/secret_handler.py
Normal file
@ -0,0 +1,3 @@
|
||||
def return_credentials(path: str)->str:
|
||||
with open (path) as file:
|
||||
return file.read()
|
||||
Loading…
x
Reference in New Issue
Block a user