Added lib-secret-manager which consumes secrets after application launch

Florian 2025-11-05 21:56:39 +01:00
parent 84bc62610d
commit c7691dcf15
5 changed files with 12 additions and 16 deletions


@ -9,6 +9,7 @@ click==8.3.0
fastapi==0.119.0
h11==0.16.0
idna==3.11
lib-secret-manager @ git+https://git.gansejunge.com/notifier/lib-secret-manager.git@main
lib-uvicorn-config @ git+https://git.gansejunge.com/notifier/lib-uvicorn-config.git@main
multidict==6.7.0
mysql-connector-python==9.4.0
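Review bot: The new `lib-secret-manager` requirement is pinned to the mutable `main` branch, so each image build can pull different code for the library that handles this service's credentials. Pin it to a reviewed commit or tag instead, e.g. `lib-secret-manager @ git+https://git.gansejunge.com/notifier/lib-secret-manager.git@<commit-sha>`, where `<commit-sha>` is a placeholder for the audited revision. The `lib-uvicorn-config` context line below it uses the same floating ref and would benefit from the same pin, whereas the other entries in this hunk are exact `==` pins.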


@ -1,6 +1,6 @@
from mysql.connector import pooling, Error
import threading
from secret_handler import return_credentials
from secret_manager import return_credentials
import os
import time
from simple_logger_handler import setup_logger


@ -13,6 +13,7 @@ from contextlib import asynccontextmanager
from metrics_server import REQUEST_COUNTER
import asyncio
from uvicorn_logger_config import LOGGING_CONFIG
from secret_manager import cleanup_secret_files
logger = setup_logger(__name__)
producer = RabbitMQProducer()
@ -38,6 +39,14 @@ async def lifespan(app: FastAPI):
app.state.rmq_producer = producer
logger.info("[FastAPI] RabbitMQ producer initialized.")
SECRET_PATHS = frozenset({
"/etc/secrets/db_username",
"/etc/secrets/db_password",
"/etc/secrets/rmq_username",
"/etc/secrets/rmq_password"
})
cleanup_secret_files(SECRET_PATHS)
yield
logger.info("Closing RabbitMQ producer...")
await producer.close()
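Review bot: `cleanup_secret_files(SECRET_PATHS)` in `lifespan` appears to remove the credential files on the assumption that every consumer has already read them, but the hunk only shows the RabbitMQ producer being initialised beforehand; the database pool's setup is not visible here. If the pool or the producer calls `return_credentials()` again later (a reconnect, or a second worker process starting), that read would presumably fail once the files are gone, unless the library caches the values, which should be confirmed. The call is also unguarded, so an exception from it (for example on a read-only secret mount) would abort startup before `yield` and skip `producer.close()`. I would add a comment such as `# All credentials must be loaded before this point; nothing may call return_credentials() afterwards.` and decide explicitly whether a cleanup failure should be fatal or only logged. `lifespan` starts and ends outside the hunk.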


@ -1,7 +1,7 @@
import asyncio
import aio_pika
from aio_pika.exceptions import AMQPException
from secret_handler import return_credentials
from secret_manager import return_credentials
import os
from simple_logger_handler import setup_logger
import json


@ -1,14 +0,0 @@
from simple_logger_handler import setup_logger
logger = setup_logger(__name__)
def return_credentials(path: str)->str:
try:
with open (path) as file:
return file.read().strip()
except FileNotFoundError:
logger.fatal(f"[FATAL] Secret file not found: {path}")
raise
except Exception as e:
logger.fatal(f"[FATAL] Failed to read secret file {path}: {e}")
raise