From 2f6951c46491c7f8e21dff723c3396fb0a0ba581 Mon Sep 17 00:00:00 2001
From: Andreas Olsson
Date: Sun, 5 May 2024 08:26:25 +0200
Subject: [PATCH] Enforce keyword arguments for public methods
1. Feels appropriate given the number of arguments
2. Already in line with existing README examples
3. Will make it easy for me to expand functionality
---
 hv4gha/entry.py | 36 +++++++++++++++++++++++++++++-------
 hv4gha/gh.py | 3 ++-
 hv4gha/vault.py | 6 +++---
 3 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/hv4gha/entry.py b/hv4gha/entry.py
index 6b6304e..37266a2 100644
--- a/hv4gha/entry.py
+++ b/hv4gha/entry.py
@@ -6,6 +6,7 @@
 def import_app_key(
 pem_key: bytes | str,
+ *,
 key_name: str,
 vault_addr: str,
 vault_token: str,
@@ -26,14 +27,22 @@ def import_app_key(
 if isinstance(pem_key, str):
 pem_key = pem_key.encode()
- transit = VaultTransit(vault_addr, vault_token, transit_backend)
- transit.import_key(key_name, pem_key)
+ transit = VaultTransit(
+ vault_addr=vault_addr,
+ vault_token=vault_token,
+ transit_backend=transit_backend,
+ )
+ transit.import_key(
+ key_name=key_name,
+ pem_app_key=pem_key,
+ )
 if revoke_vault_token:
 transit.revoke_token()
 def issue_access_token(
+ *,
 key_name: str,
 vault_addr: str,
 vault_token: str,
@@ -64,11 +73,24 @@ def issue_access_token(
 if isinstance(app_id, int):
 app_id = str(app_id)
- transit = VaultTransit(vault_addr, vault_token, transit_backend)
- jwt: str = transit.sign_jwt(key_name, app_id)
-
- ghapp = GitHubApp(account, jwt)
- access_token: TokenResponse = ghapp.issue_token(permissions, repositories)
+ transit = VaultTransit(
+ vault_addr=vault_addr,
+ vault_token=vault_token,
+ transit_backend=transit_backend,
+ )
+ jwt: str = transit.sign_jwt(
+ key_name=key_name,
+ app_id=app_id,
+ )
+
+ ghapp = GitHubApp(
+ account=account,
+ jwt_token=jwt,
+ )
+ access_token: TokenResponse = ghapp.issue_token(
+ permissions=permissions,
+ repositories=repositories,
+ )
 if revoke_vault_token:
 transit.revoke_token()
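Review bot: In `import_app_key` (hunk `@@ -26,14 +27,22 @@`) and again in `issue_access_token` (hunk `@@ -64,11 +73,24 @@`) of hv4gha/entry.py, `transit.revoke_token()` is reached only after every preceding call has returned. With `revoke_vault_token=True`, an exception from `transit.import_key`, `transit.sign_jwt` or `ghapp.issue_token` therefore appears to leave the Vault token valid. Both function bodies start and end outside the visible lines, so an enclosing handler may exist; if it does not, consider putting the calls under `try:` and moving `if revoke_vault_token: transit.revoke_token()` into a `finally:` branch. If success-only revocation is intended, the docstring of each function should say so.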
diff --git a/hv4gha/gh.py b/hv4gha/gh.py
index 917b518..d1b0963 100644
--- a/hv4gha/gh.py
+++ b/hv4gha/gh.py
@@ -124,7 +124,7 @@ class AccessToken(BaseModel):
 class GitHubApp:
 """GitHub App Access Tokens, etc"""
- def __init__(self, account: str, jwt_token: str):
+ def __init__(self, *, account: str, jwt_token: str):
 """
 :param app_id: GitHub App ID.
 :param jwt_token: GitHub App JWT token
@@ -186,6 +186,7 @@ def __find_installation(self) -> str:
 def issue_token(
 self,
+ *,
 permissions: None | dict[str, str] = None,
 repositories: None | list[str] = None,
 ) -> TokenResponse:
diff --git a/hv4gha/vault.py b/hv4gha/vault.py
index a8a802a..56af5f0 100644
--- a/hv4gha/vault.py
+++ b/hv4gha/vault.py
@@ -72,7 +72,7 @@ class WrappingKey(BaseModel):
 class VaultTransit:
 """Interact with Vault's Transit Secrets Engine"""
- def __init__(self, vault_addr: str, vault_token: str, transit_backend: str):
+ def __init__(self, *, vault_addr: str, vault_token: str, transit_backend: str):
 """
 :param vault_addr: Vault instance VAULT_ADDR.
 :param vault_token: Vault instance VAULT_TOKEN.
@@ -147,7 +147,7 @@ def __api_write(
 return response
- def import_key(self, key_name: str, pem_app_key: bytes) -> None:
+ def import_key(self, *, key_name: str, pem_app_key: bytes) -> None:
 """
 Import GitHub App key
@@ -169,7 +169,7 @@ def import_key(self, key_name: str, pem_app_key: bytes) -> None:
 self.__api_write(api_path, payload, AppKeyImportError)
- def sign_jwt(self, key_name: str, app_id: str) -> str:
+ def sign_jwt(self, *, key_name: str, app_id: str) -> str:
 """
 Sign JWT token to authenticate towards GitHub
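Review bot: The docstring of `GitHubApp.__init__` in hv4gha/gh.py (hunk `@@ -124,7 +124,7 @@`) still lists `:param app_id: GitHub App ID.`, while the signature takes `account`. Now that the constructor is keyword-only, a caller who follows the docstring and passes `app_id=` gets a `TypeError`. Rename the entry to `:param account:` and describe what it identifies. That is presumably the GitHub account the app is installed on, to be confirmed against how `account` is used in the rest of the class. The docstring continues past the last visible line of the hunk.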