AWS config sources for the typedconfig package
Project description
typed-config-aws-sources
AWS config sources for the typed-config package.
pip install typed-config-aws-sources
Requires python 3.6 or above.
Basic usage
Please read the readme for typed-config first.
# my_app/config.py
from typedconfig_awssource import IniS3ConfigSource
from typedconfig import Config, key, section
@section('database')
class AppConfig(Config):
port = key(cast=int)
config = AppConfig()
config.add_source(IniS3ConfigSource('my_bucket_name', 'config_key.cfg'))
config.read()
# my_app/main.py
from my_app.config import config
print(config.host)
Supplied Config Sources
IniS3ConfigSource
This loads configuration from an INI file stored in an S3 bucket
from typedconfig_awssource import IniS3ConfigSource
source = IniS3ConfigSource('bucket_name', 'key_name.cfg', encoding='utf8', must_exist=True)
- Supply the bucket name and key name as the first two arguments
encoding
defaults to'utf8'
if not suppliedmust_exist
defaults toTrue
if not supplied. Ifmust_exist
isFalse
, and the bucket or key can't be found, or AWS credentials fail, then no error is thrown and this config source will just return than it cannot find the requested config value every time.
An example INI file might look like this:
[database]
port = 2000
DynamoDBConfigSource
This reads configuration from a DynamoDB table. The table should have a partition key which holds the config section, a sort key which holds the config key name, and another 'column' containing the config value as a string.
So an item in DynamoDB corresponding to the above INI file example would look like this
{
"section": "database",
"key": "port",
"value": "2000"
}
Create the DynamoDBConfigSource
like this:
from typedconfig_awssource import DynamoDbConfigSource
source = DynamoDbConfigSource('table_name',
section_attribute_name='config_section_column_name',
key_attribute_name='config_key_column_name',
value_attribute_name='config_value_column_name')
- The first argument is the DynamoDB table name and is required
- The other three arguments are optional, and are supplying the attribute (or "column") names in the table which store the three things defining a config parameter (section, key, and value)
- Default attribute names are
"section"
,"key"
, and"value"
SecretsManagerConfigSource
This reads secret values from secrets manager. Permission to read AWS secrets is required. One secrets should be stored for each config section with the name format prefix/section
, and contain json key-value pairs. For example, for a project called myproject
there may be a secret called myproject/database
containing the following value. Note that even numeric values should be stored as strings.
{
"user": "secretuser",
"password": "secretpassword"
}
Create the SecretsManagerConfigSource
like this:
from typedconfig_awssource import SecretsManagerConfigSource
source = SecretsManagerConfigSource('myproject', must_exist=False, only_these_keys={('s', 'a'), ('s', 'b')})
- The first argument passed is the prefix which is placed before the
/
in the secret name. So when I try to get the database password, the secretmyproject/database
is retrieved, the JSON is parsed and value the fieldpassword
is returned. - The
must_exist
argument specifies whether to error if AWS secretsmanager cannot be accessed, or if the key does not exist. Default isFalse
. - The
only_these_keys
argument specifies a limited set of configuration keys. They are provided as(section, key)
tuples. If provided, the config source will only act when these parameters are requested. This prevents unnecessary AWS API calls, which slow down configuration setup, for config values which you know are not available from secrets manager. Settingonly_these_keys=None
(the default) will check secrets manager for all config keys.
ParameterStoreConfigSource
This reads (optionally secret) values from AWS SSM parameter store. Storing secrets here is cheaper than using secrets manager. Permission to read from SSM parameter store is required. Each config parameter should be stored in parameter store as an individual SecureString
parameter. For example, I would store the database password in a key called
myproject/database/password
where database
is the section name and password
is the configuration key name.
Create a ParameterStoreConfigSource
like this:
from typedconfig_awssource import ParameterStoreConfigSource
source = ParameterStoreConfigSource('myproject',
must_exist=False,
only_these_keys={('s', 'a'), ('s', 'b')},
batch_preload=False)
- The first argument passed is the prefix at the start of the SSM parameter name, before the first
/
. - The
must_exist
argument specifies whether to error if AWS parameter store cannot be accessed, or if the requested key does not exist. - The
only_these_keys
argument specifies a limited set of configuration keys. They are provided as(section, key)
tuples. If provided, the config source will only act when these parameters are requested. This prevents unnecessary AWS API calls, which slow down configuration setup, for config values which you know are not available from parameter store. Settingonly_these_keys=None
(the default) will check parameter store for all config keys. - The
batch_preload
argument specifies whether to makeGetParametersByPath
AWS API calls when the source is constructed. Only applicable whenonly_these_keys
is supplied. Ifonly_these_keys
isNone
, this argument is ignored. This is an optimisation which means that everything supplied inonly_these_keys
can be loaded in far fewer API calls, thus speeding up configuration loading.
Contributing
Ideas for new features and pull requests are welcome. PRs must come with tests included. This was developed using Python 3.7 but Travis tests run with v3.6 too.
Development setup
- Clone the git repository
- Create a virtual environment
virtualenv venv
- Activate the environment
venv/scripts/activate
- Install development dependencies
pip install -r requirements.txt
Running tests
pytest
To run with coverage:
pytest --cov
Making a release
- Bump version number in
typedconfig_awssource/__version__.py
- Add changes to CHANGELOG.md
- Commit your changes and tag with
git tag -a 0.1.0 -m "Summary of changes"
- Travis will deploy the release to PyPi for you.
Staging release
If you want to check how a release will look on PyPi before tagging and making it live, you can do the following:
pip install twine
if you don't already have it- Bump version number in
typedconfig_awssource/__version__.py
- Clear the dist directory
rm -r dist
python setup.py sdist bdist_wheel
twine check dist/*
- Upload to the test PyPI
twine upload --repository-url https://test.pypi.org/legacy/ dist/*
- Check all looks ok at https://test.pypi.org/project/typed-config-aws-sources
- If all looks good you can git tag and push for deploy to live PyPi
Here is a good tutorial on publishing packages to PyPI.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file typed-config-aws-sources-0.4.2.tar.gz
.
File metadata
- Download URL: typed-config-aws-sources-0.4.2.tar.gz
- Upload date:
- Size: 8.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/3.10.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.60.0 CPython/3.6.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | b4adb80bc0eaa61b8f9d1c66579d68248b92383120f22405c300174f6c0f8d4f |
|
MD5 | c78ccc403322e5b9bf3f4e6e9f9bd17b |
|
BLAKE2b-256 | 9adf077a79ffc473d2f811cb9790a44400cc59dbddef395e040ee293942dc6b0 |
File details
Details for the file typed_config_aws_sources-0.4.2-py3-none-any.whl
.
File metadata
- Download URL: typed_config_aws_sources-0.4.2-py3-none-any.whl
- Upload date:
- Size: 7.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/3.10.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.60.0 CPython/3.6.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | b855594362e2197b140f33e51516ee1f5b0a7d5b9193fa2df9057a8a49d81923 |
|
MD5 | 2f5d6a9748254c4831a0b487ade332b3 |
|
BLAKE2b-256 | 25f9660bd79fc868a1f72daf1a66fd91ee5d01ba997cb1b74700694a21afcce0 |