Updates

- Add workflows
- Fix linting errors

Author: davidharcombe

.github/workflows/lint.yml

@@ -0,0 +1,36 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
+
+name: Python package
+
+on: [push, pull_request]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: '3.x'
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v3
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install flake8 pytest
+        if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+    - name: Lint with flake8
+      run: |
+        # stop the build if there are Python syntax errors or undefined names
+        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
+        flake8 . --count --exit-zero --max-complexity=10 --indent-size=2 --max-line-length=127 --statistics
+    - name: Test with pytest
+      run: |
+        pytest

.github/workflows/python-package.yml

@@ -0,0 +1,70 @@
+# This workflow will upload a Python Package to PyPI when a release is created
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Upload Python Package
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+jobs:
+  release-build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+
+      - name: Build release distributions
+        run: |
+          # NOTE: put your own distribution build steps here.
+          python -m pip install build
+          python -m build
+
+      - name: Upload distributions
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-dists
+          path: dist/
+
+  pypi-publish:
+    runs-on: ubuntu-latest
+    needs:
+      - release-build
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
+
+    # Dedicated environments with protections for publishing are strongly recommended.
+    # For more information, see: https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules
+    environment:
+      name: pypi
+      # OPTIONAL: uncomment and update to include your PyPI project URL in the deployment status:
+      # url: https://pypi.org/p/YOURPROJECT
+      #
+      # ALTERNATIVE: if your GitHub Release name is the PyPI project version string
+      # ALTERNATIVE: exactly, uncomment the following line instead:
+      # url: https://pypi.org/project/YOURPROJECT/${{ github.event.release.name }}
+
+    steps:
+      - name: Retrieve release distributions
+        uses: actions/download-artifact@v4
+        with:
+          name: release-dists
+          path: dist/
+
+      - name: Publish release distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          packages-dir: dist/

.github/workflows/python-publish.yaml

@@ -21,15 +21,15 @@ Other storage locations can be added at will simply by extending the
 
 ## Initial Setup And Installation
 
-## Enable the APIs on Google Cloud
+### Enable the APIs on Google Cloud
 
 In order to use the connectors to any of the Google Cloud storage methods
 (Secret Manager, Firestore and Google Cloud Storage) you will have to ensure
 that the relevant APIs have been enabled. Follow the instructions listed in the
 [developer documentation](https://cloud.google.com/apis/docs/getting-started)
 to enable the API you need.
 
-## Ensure the app's service account has acces to the APIs
+### Ensure the app's service account has access to the APIs
 
 ## Implementation specific
 
@@ -81,15 +81,12 @@ the usage cost of Secret Manager substantially as projects are charged based
 partially on number of _active_ and _disabled_ (ie not destroyed) secret
 versions.
 
-You can also use [`KeyUploader`](#keyuploader).
+You can also use [`KeyUploader`](#keyuploader) to upload these data.
 
 ### Firestore
 
-Firestore requires no additional configuration, although you will have to
-seed the Firestore database with the client secret data, much like with Secret
-Manager above. Unfortunately there is no CLI access through `gcloud` to
-Firestore so we can't write a simple shell script. In this case, please see
-below in the section on [`KeyUploader`](#keyuploader).
+Firestore requires no additional configuration, as it uses the service account's
+credentials to access the database.
 
 ### Google Cloud Storage
 
@@ -177,17 +174,6 @@ supplied datastores. This will allow you to pre-load `Firestore` with the
 The file to be uploaded can be stored either locally or on
 `Google Cloud Storage`.
 
-For example: to run the `KeyUploader` and install the client secrets file into
-Firestore, you would do the following:
-
-```
-python auth.cli.key_upload.py         \
-  --key=client_secret                 \
-  --firestore                         \
-  --email=YOUR_EMAIL                  \
-  --file=PATH/TO/client_secrets.json
-  ```
-
 Your available command-line switches are:
 
 | Switch             |                | Description                                                                                  |
@@ -205,3 +191,19 @@ Your available command-line switches are:
 
 **NOTE** _One and only one_ of `--local`, `--firestore`, `--cloud_storage`
 and `--secret_manager` must be specified
+
+For example: to run the `KeyUploader` and install the client secrets file into
+Firestore, you would do the following:
+
+```
+python -m auth.cli.key_upload         \
+  --key=client_secret                 \
+  --firestore                         \
+  --email=YOUR_EMAIL                  \
+  --file=PATH/TO/client_secrets.json
+  ```
+
+This will create a collection called '`administration`', and add a document
+to it called '`client_secret`', with keys corresponding to the entire content
+of the json file.
+

.github/workflows/test.yml

@@ -13,19 +13,17 @@
 # limitations under the License.
 from __future__ import annotations
 
+import json
 from dataclasses import dataclass
 from datetime import datetime
-import json
 from typing import Any, Dict, Mapping, Type, TypeVar, Union
-from io import BytesIO
 
 import pytz
 from dateutil.relativedelta import relativedelta
 from google.auth.transport import requests
 from google.oauth2 import credentials as oauth
 
 from auth import decorators
-
 from auth.abstract_datastore import AbstractDatastore
 from auth.credentials_helpers import encode_key
 from auth.exceptions import CredentialsError
@@ -126,10 +124,9 @@ def project_credentials(self) -> ProjectCredentials:
           client_secret.get('web') or \
           client_secret.get('installed')
 
-    creds = \
-        ProjectCredentials(client_id=secrets['client_id'],
-                           client_secret=secrets['client_secret']) \
-        if secrets else None
+    creds = ProjectCredentials(client_id=secrets['client_id'],
+                               client_secret=secrets['client_secret']
+                               ) if secrets else None
 
     return creds
 
@@ -177,8 +174,7 @@ def _to_utc(self, last_date: datetime) -> datetime:
     Returns:
         datetime: the date in UTC
     """
-    if (last_date.tzinfo is None or
-            last_date.tzinfo.utcoffset(last_date) is None):
+    if (last_date.tzinfo is None or last_date.tzinfo.utcoffset(last_date) is None):
       last_date = pytz.UTC.localize(last_date)
 
     return last_date

README.md

@@ -12,9 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-import json
 import unittest
-from unittest import mock
 
 from auth.credentials_helpers import encode_key
 from auth.exceptions import KeyEncodingError

auth/credentials.py

@@ -16,11 +16,12 @@
 import unittest
 from unittest import mock
 
-from auth.credentials_helpers import encode_key
-from auth.exceptions import KeyEncodingError
 from google.oauth2 import credentials as oauth
-from auth.credentials import Credentials
+
 from auth import local_file
+from auth.credentials import Credentials
+from auth.credentials_helpers import encode_key
+from auth.exceptions import KeyEncodingError
 
 MASTER_CONFIG = {
     "auth": {
@@ -40,13 +41,13 @@ class CredentialsTest(unittest.TestCase):
   def setUp(self):
     self.open = mock.mock_open(read_data=json.dumps(MASTER_CONFIG))
 
-  # def test_encode_valid(self) -> None:
-  #   self.assertEqual('YnV0dGVyY3VwQGFzeW91d2lzaC5jb20',
-  #                    encode_key('[email protected]'))
+  def test_encode_valid(self) -> None:
+    self.assertEqual('YnV0dGVyY3VwQGFzeW91d2lzaC5jb20',
+                     encode_key('[email protected]'))
 
-  # def test_encode_none(self) -> None:
-  #   with self.assertRaisesRegex(KeyEncodingError, 'Cannot encode None'):
-  #     encode_key(None)
+  def test_encode_none(self) -> None:
+    with self.assertRaisesRegex(KeyEncodingError, 'Cannot encode None'):
+      encode_key(None)
 
   def test_store_credentials_with_creds(self) -> None:
     token = {"token": "token",

auth/credentials_helpers_test.py

@@ -14,11 +14,12 @@
 from __future__ import annotations
 
 import json
-from typing import Any, Callable, Dict, List, Mapping, Optional
+from typing import Any, Dict
 
 import gcsfs
 from auth import decorators
 from .file_datastore import FileDatastore
+from auth.abstract_datastore import AbstractDatastore
 
 
 class CloudStorage(FileDatastore):
@@ -29,7 +30,7 @@ def datastore(self) -> Dict[str, Any]:
     try:
       fs = gcsfs.GCSFileSystem(project=self.project)
       file_name = f'{self.bucket}/{self.datastore_file}'
-      with open(file_name, 'r') as store:
+      with fs.open(file_name, 'r') as store:
         if data := store.read():
           return json.loads(data)
         else:

auth/credentials_test.py

@@ -14,13 +14,11 @@
 
 import json
 import unittest
+from copy import deepcopy
 from unittest import mock
 
 from auth.datastore import cloud_storage
 
-from copy import deepcopy
-from typing import Any, Dict
-
 MASTER_CONFIG = {
     "auth": {
         "api_key": "api_key",