Merge branch '1-readme-file-is-not-using-markdown-format' into 'main'

Aligned repository with best practices

See merge request !3

.coveragerc

-[run]
-branch = True
-source = .
-omit =
-    venv/*
-    */site-packages/*
-    # Don't complain if non-runnable code isn't run
-    */__main__.py
-
-[report]
-show_missing = True
-skip_covered = True
-exclude_lines =
-    # Have to re-enable the standard pragma
-    \#\s*pragma: no cover
-    # We optionally substitute this
-    ${COVERAGE_IGNORE_WINDOWS}
-
-    # Don't complain if tests don't hit defensive assertion code:
-    ^\s*raise AssertionError\b
-    ^\s*raise NotImplementedError\b
-    ^\s*return NotImplemented\b
-    ^\s*raise$
-
-    # Don't complain if non-runnable code isn't run:
-    ^if __name__ == ['"]__main__['"]:$
-
-# vim:ft=dosini

.env.example

+VAULT_KEY=
+VAULT_NAMESPACE=
+VAULT_URL=
+VAULT_APPROLE_ID=
+VAULT_APPROLE_PWD=
+VAULT_MOUNT_POINT=
+SECRET_VALUE=
+SECRET_KEY=
+SECRET_CREATED_TIME=
+ALT_VAULT_NAMESPACE=
+ALT_VAULT_KEY=
+ALT_VAULT_APPROLE_ID=
+ALT_VAULT_APPROLE_PWD=

.flake8

-# file: $PROJ/.flake8
-#
-# This config expects that the flake8-bugbear extension to be installed.
-# bugbear looks at the line length and allows a slight variance as opposed
-# to a hard limit.  When it detects excessive line lengths, it returns B950.
-# This config looks for B950 and ignores the default flake8 E501 line length error.
-
-[flake8]
-max-complexity = 10
-max-line-length = 131
-select = C,E,F,W,B,B950
-# B,C,E,F,W,T4,B9
-ignore =
-       # Use bugbear line length detection instead of default
-       E501,
-       # PEP8 allows hanging indent, but E126 dosn't seem to.
-       E126,
-       # E402 refers to imports only being at the top of a file.
-       E402
-       # W503 Should a Line Break Before or After a Binary Operator? pep is not consistant
-       # https://www.python.org/dev/peps/pep-0008/#should-a-line-break-before-or-after-a-binary-operator
-       W503
-       # E203, E266, F403, F401
-       # C901 is too complex
-       C901
-
-# Local Variables:
-# mode: conf
-# End:

.gitignore

@@ -20,3 +20,6 @@ __pycache__
 
 # To check
 .ssh/
+
+# Protect secrets
+.env

.gitlab-ci.yaml

+include:
+  - project: 'digit-c4/dev/best-practices'
+    file: 'gitlab-ci/test-static-scan.yml'
+    ref: main
+  - project: 'digit-c4/dev/python-best-practices'
+    file: 'gitlab-ci/test-static-style-force.yml'
+    ref: main
+  - project: 'digit-c4/dev/python-best-practices'
+    file: 'gitlab-ci/test-static-style-check.yml'
+    ref: main
+
+stages:
+  - test
+
+test-static-scan-gitleaks:
+  stage: test
+  tags:
+    - docker
+    - lab
+
+test-static-style-force-job:
+  stage: test
+  tags:
+    - docker
+    - lab
+  variables:
+    CI_JOB_TOKEN_WRITE: ${CI_TOKEN_WRITE}
+    SRC_PATH: src
+
+test-static-style-check-job:
+  stage: test
+  tags:
+    - docker
+    - lab
+  variables:
+    SRC_PATH: src
+
+test-unit-job:
+  stage: test
+  tags:
+    - docker
+    - lab
+  image: code.europa.eu:4567/digit-c4/dev/python-best-practices/python-poetry:3.11-alpine
+  before_script:
+    - poetry install --with test --sync
+  script:
+    - poetry run pytest src/tests/unit
+
+test-integration-job:
+  stage: test
+  tags:
+    - shell
+    - lab
+  image: code.europa.eu:4567/digit-c4/dev/python-best-practices/python-poetry:3.11-alpine
+  before_script:
+    - poetry install --with test --sync
+  script:
+    - poetry run pytest src/tests/integration

.hgignore

-syntax: glob
-log/
-*.retry
-*~
-.\#*
-*.log
-*.bak
-*.pid
-*~
-.*.swp
-*.pyc
-*.iso
-*.pp
-__pycache__
-
-
-syntax: regexp

.isort.cfg

-# file: $PROJ/.isort.cfg
-#
-[settings]
-multi_line_output=3
-include_trailing_comma=True
-force_grid_wrap=0
-combine_as_imports=True
-line_length=131
-check_skip=True
-# skip=snet,snet.diego,snet.scrat
-skip_glob=snet.*,snet\.*
-known_first_party=snet
-# default_section=FIRSTPARTY
-show_diff=True

.perltidyrc

-#
-# This file is managed by Snet Ansible configuration.
-# Any manual changes will be OVERWRITTEN.
-#
-#
--ce
--lp
--pt=0
--l=200
--bar
--sbl
-# -bli -bbvt=2
-# -sbt=1 (default)
-# -bt=1 (default)
--nolq

.pre-commit-config.yaml

----
-repos:
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v2.3.0
-    hooks:
-      - id: end-of-file-fixer
-      - id: trailing-whitespace
-      - id: check-ast
-      - id: check-json
-      - id: check-yaml
-      - id: check-executables-have-shebangs
-      - id: check-symlinks
-      - id: check-merge-conflict
-      - id: check-docstring-first
-      - id: requirements-txt-fixer
-      - id: flake8
-        # args: [--max-line-length=131]  in the .flake8 config file
-      # - id: detect-aws-credentials
-      - id: detect-private-key
-      # - id: double-quote-string-fixer
-      - id: debug-statements
-      - id: pretty-format-json
-        args: [--autofix, --indent=2]
-      # - id: no-commit-to-branch --branch master
-
-#  - repo: https://github.com/psf/black
-#    rev: 19.3b0
-#    hooks:
-#      - id: black
-#        args: [--check, --diff]
-
-  - repo: https://github.com/pre-commit/mirrors-isort
-    rev: v4.3.21
-    hooks:
-      - id: isort
-
-#   - repo: https://github.com/pre-commit/mirrors-yapf
-#     rev: v0.28.0
-#     hooks:
-#      - id: yapf
-#        args: [--diff]
-
-  # bandit - check for python code vulnerabilities
-  - repo: https://github.com/Lucas-C/pre-commit-hooks-bandit
-    rev: v1.0.3
-    hooks:
-      - id: python-bandit-vulnerability-check
-        args: [-l, --recursive, -x, tests]
-        files: .py$
-
-  - repo: https://github.com/Lucas-C/pre-commit-hooks-safety
-    rev: v1.1.0
-    hooks:
-      - id: python-safety-dependencies-check
-
-  - repo: https://github.com/henryykt/pre-commit-perl
-    rev: v0.0.4
-    hooks:
-      - id: perlcritic
-      - id: perltidy
-
-  - repo: https://www.shore.co.il/git/ansible-pre-commit/  # https://github.com/adarnimrod/ansible-pre-commit
-    rev: v0.6.0
-    hooks:
-      - id: ansible-syntax-check
-        files: site.yml #In case you want to specify other playbook files.
-      - id: ansible-vault-check
-
-  - repo: https://github.com/detailyang/pre-commit-shell
-    rev: v1.0.6
-    hooks:
-    - id: shell-lint
-      args: [--format=json]
-
-  # shellcheck, shfmt - for shell scripts
-  - repo: https://github.com/jumanjihouse/pre-commit-hooks
-    rev: 1.8.0
-    hooks:
-      - id: shfmt
-        args: ['-w', '-i', '4', '-ci']
-      - id: shellcheck
-
-  - repo: local
-    hooks:
-      - id: tests
-        name: run tests
-        entry: pytest -v
-        language: system
-        types: [python]
-        stages: [push]
-
-#  - repo: local
-#    hooks:
-#      - id: test_api
-#        name: run test_api
-#        entry: ./test_api/test_api.pl
-#        args: [./test_api/valid_configs/dca.ini]
-#        language: system
-#        always_run: true
-#        pass_filenames: false
-#        require_serial: true
-
-
-# -   repo: local
-#     hooks:
-#     -   id: python-safety-dependencies-check
-#         entry: safety
-#         args: [check, --full-report]
-#         language: system
-#         files: requirements
-
-# blacken-docs - runsblack on python code blocks in documentation files
-# encryption-check - ensure ansible vault files are encrypted
-# sign-commit - adds signature verification
-# dockerfile and teraform linter
-
-# messages=("Commit denied..Friday protocol violation" "Dude! Stop!Its Friday" "You really wanna do this on a Friday" "Someone wants to check-in code on Friday and lose a weekend" "Nope!! Not on a Friday" "Its Friday Friday! No commits on a Friday!")

.pylintrc

+[FORMAT]
+max-line-length=240
+max-args=7

.style.yapf

-[style]
-# YAPF uses the chromium style by default
-based_on_style = pep8
-
-# Def: True
-ALIGN_CLOSING_BRACKET_WITH_VISUAL_INDENT=True
-
-# Def: False
-ALLOW_MULTILINE_LAMBDAS=False
-
-# Def: False
-ALLOW_MULTILINE_DICTIONARY_KEYS=False
-
-# Def: False
-BLANK_LINE_BEFORE_NESTED_CLASS_OR_DEF=False
-
-# Def: False
-BLANK_LINE_BEFORE_CLASS_DOCSTRING=False
-
-# Def: False
-COALESCE_BRACKETS=False
-
-# Def: 79
-COLUMN_LIMIT=131
-
-# Def: 4
-CONTINUATION_INDENT_WIDTH=4
-
-# Def: False
-# DEDENT_CLOSING_BRACKETS=False
-DEDENT_CLOSING_BRACKETS = true
-
-# Def: True
-EACH_DICT_ENTRY_ON_SEPARATE_LINE=True
-
-# Def: ''
-I18N_COMMENT=''
-
-# Def: ''
-I18N_FUNCTION_CALL=''
-
-# Def: False CHANGED
-INDENT_DICTIONARY_VALUE=True
-
-# Def: 4
-INDENT_WIDTH=4
-
-# Def: True CHANGED
-JOIN_MULTIPLE_LINES=True
-
-# Def: True
-SPACE_BETWEEN_ENDING_COMMA_AND_CLOSING_BRACKET=True
-
-# Def: False
-SPACES_AROUND_POWER_OPERATOR=False
-
-# Def: False
-SPACES_AROUND_DEFAULT_OR_NAMED_ASSIGN=False
-
-# Def: 2
-SPACES_BEFORE_COMMENT=2
-
-# Def: False
-SPLIT_ARGUMENTS_WHEN_COMMA_TERMINATED=False
-
-# Def: False
-SPLIT_BEFORE_BITWISE_OPERATOR=False
-
-# Def: True
-SPLIT_BEFORE_DICT_SET_GENERATOR=True
-
-# Def: False
-SPLIT_BEFORE_FIRST_ARGUMENT=False
-
-# Def: False
-SPLIT_BEFORE_LOGICAL_OPERATOR=False
-
-# Def: True
-SPLIT_BEFORE_NAMED_ASSIGNS=True
-
-# Def: 30
-SPLIT_PENALTY_AFTER_OPENING_BRACKET=30
-
-# Def: 10000
-SPLIT_PENALTY_AFTER_UNARY_OPERATOR=10000
-
-# Def: 0
-SPLIT_PENALTY_BEFORE_IF_EXPR=0
-
-# Def: 300
-SPLIT_PENALTY_BITWISE_OPERATOR=300
-
-# Def: 4500
-SPLIT_PENALTY_EXCESS_CHARACTER=4500
-
-# Def: 30
-SPLIT_PENALTY_FOR_ADDED_LINE_SPLIT=30
-
-# Def: 0
-SPLIT_PENALTY_IMPORT_NAMES=0
-
-# Def: 300
-SPLIT_PENALTY_LOGICAL_OPERATOR=300
-
-# Def: False
-USE_TABS=False

.vscode/launch.json

+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Test",
+            "type": "debugpy",
+            "request": "launch",
+            "program": "${workspaceFolder}/src/tests/integration/test.py",
+            "cwd": "${workspaceFolder}/src/tests/integration",
+            "envFile": "${workspaceFolder}/src/tests/integration/.env",
+            "console": "integratedTerminal"
+        }
+    ]
+}

.vscode/settings.json

+{
+    "python.analysis.extraPaths": [
+        "./src/vault"
+    ]
+}

CONTRIBUTING.md

+python3 -m venv venv
+source venv/bin/activate
+poetry install --with test
+poetry run pytest tests/unit
+poetry run pytest tests/integration

README.md

 # Vault Data Retrieval Tool
 This tool is designed to retrieve secrets and secret metadata from HashiCorp Vault using the AppRole authentication method. It provides functions to fetch passwords and key data from a specified path within the Vault.
 
+## TODO
+Add poetry install instructions
+
 ## Requirements
 * Python 3.x
 * pip (Python package manager)
@@ -24,15 +27,16 @@ This tool is designed to retrieve secrets and secret metadata from HashiCorp Vau
 3. Modify the code to provide your Vault URL, namespace, role ID, secret ID, mount point, and engine details.
 4. Example:
     ```python
-    sys.path.append(config_global.get('APPLICATION', 'PYTHON-LIBRARY'))
-    sys.path.append('/opt/auth')
-    from ansible-vault.vault.client import clientV
-    password = clientV.getPasswordByAppRole("dev/SNOW/csui", "https://sam-hcavault.cec.eu.int", "EC/DIGIT_C4_SNET_ADMIN-ACC", "role_id", "secret_id", "apps-kv", "dev")
+    VAULT_KEY = getenv("VAULT_KEY")
+    VAULT_MOUNT_POINT = getenv("VAULT_MOUNT_POINT")
+
+    with Vault(url="http://vault.example.com", namespace="GROUP/NAMESPACE", role_id="00000000-0000-0000-0000-000000000000", secret_id="00000000-0000-0000-0000-000000000000") as vault:
+        secret = vault.get_keys_data(VAULT_KEY, VAULT_MOUNTPOINT)
     ```
 
 ## Functionality
-* `getPasswordByAppRole(key, vault_url, namespace_used, role_id, secret_id, mount_point, engine)`: This function retrieves a password from the specified key path in the Vault.
-* `getKeysData(key, vault_url, namespace_used, role_id, secret_id, mount_point, engine)`: This function retrieves key data (secret metadata) from the specified key path in the Vault.
+* `get_password_by_app_role(key, mount_point)`: This function retrieves a password from the specified key path in the Vault.
+* `get_keys_data(key, mount_point)`: This function retrieves key data (secret metadata) from the specified key path in the Vault.
 
 ## Notes
 * Ensure that the AppRole authentication method is correctly configured and enabled in your Vault instance.
@@ -43,6 +47,11 @@ This tool is designed to retrieve secrets and secret metadata from HashiCorp Vau
 * HashiCorp Vault Documentation: [https://www.vaultproject.io/docs](https://www.vaultproject.io/docs)
 * HVAC Documentation: [https://hvac.readthedocs.io](https://hvac.readthedocs.io)
 
+## Other useful links
+* https://developer.hashicorp.com/vault/docs/auth/approle
+* https://hvac.readthedocs.io/en/stable/usage/auth_methods/approle.html
+* https://hvac.readthedocs.io/en/stable/usage/secrets_engines/kv_v2.html#read-secret-metadata
+
 ## Authors
 * Marcelo Teixeira
 * Ricardo Silva

pyproject.toml

-[tool.black]
-line-length = 131
-# target-version = py27
-skip-string-normalization = true
-# check = true
-# diff = true
-include = '\.pyi?$'
-exclude = '''
-/(
-    \.git
-  | \.hg
-  | \.mypy_cache
-  | \.tox
-  | \.venv
-  | venv
-  | _build
-  | buck-out
-  | build
-  | dist
-)/
-'''
+[tool.poetry]
+name = "ansible-vault"
+version = "0.1.0"
+description = "This tool is designed to retrieve secrets and secret metadata from HashiCorp Vault using the AppRole authentication method. It provides functions to fetch passwords and key data from a specified path within the Vault."
+authors = [
+    "Marcelo Teixeira <andre-marcelo.ferreira-freire-teixeira@ext.ec.europa.eu>",
+    "Ricardo Silva <ricardo.silva@ext.ec.europa.eu>"
+]
+readme = "README.md"
+
+[tool.poetry.dependencies]
+python = "^3.7.3"
+flake8 = "^5.0.4"
+autopep8 = "^2.0.0"
+
+[build-system]
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"

requirements.txt

 requests==2.26.0
-pprint==0.1
-json==2.0.9
-datetime==4.3
-logging==0.5.1.2
 hvac==0.12.0

src/tests/integration/.env.example

+VAULT_KEY=
+VAULT_NAMESPACE=
+VAULT_URL=
+VAULT_APPROLE_ID=
+VAULT_APPROLE_PWD=
+VAULT_MOUNT_POINT=
+SECRET_VALUE=
+SECRET_KEY=
+SECRET_CREATED_TIME=
+ALT_VAULT_NAMESPACE=
+ALT_VAULT_KEY=
+ALT_VAULT_APPROLE_ID=
+ALT_VAULT_APPROLE_PWD=