jw.pkg: Fix "make check" static code check fallout
The previous commits have put rules for linting and formatting via ruff, yapf, mypy and pyright into place. They are checked with the make check target, and this commit adds the fixes for the target to succeed.
It does some refactoring where type checking dug up dirty bits, and also adds lots of churn in the Python code. To a good deal, that's owed to mere formatting changes. It would have been better to seperate those from syntax and refactoring fixes into multiple commits, so that the interesting changes don't drown in the formatting nose. However, that would have been a lot of additional work only to be thrown away by later commits, hence this commit has a big diff in one piece. The size of the diff is regrettable but hopefully a one-off: What it buys is automatic format checking for CI and predictble formats for smaller diffs in the future.
Rules that "make check" enforces are, in the following order
- Syntax checkers:
- ruff check . - mypy . - pyright- Format check:
- yapf --diff --recursive .The refactoring includes:
- Turn the Result class into a more elaborate object, capable of doing more heavy lifting around stderr and stdout decoding, summarizing outcome, and matching error strings.Aside from fixing broken type checks, this also removes lots of boilerplate calling code which is currently used for handling possible call outcome scenarios. Trying to access an inexistent, decoded string should raise a meaningful exception by itself now, which removes lots of code with case distinctions.- Fix Cmd type hierarchy:
- Add the AbstractCmd class above Cmd. This is necessary because the checker rightfully complains it can't instantiate a Cmd instance where constructor arguments were needed. They never were, but the type used at the instantiating code's location in jw.pkg.App so claims.- Lots of sub- and sub-subcommands are derived from the base class of the invoking command. That provides some properties shared across the ancestor hierarchy of a command, but is semantically unsound. Fix that by introducing jw.pkg.BaseCmd class as a place to provide basic helpers shared across all commands used in a jw.pkg.App's context, and derive all command classes from that afresh. The parent command is still reachable via a common parent property.Formatting changes are conforming to PEP-8, mostly, with minor tweaks. All in all they include the following changes.
- Remove # -*- coding: utf-8 -*-
The line was needed by Python 2 which is not supported anylonger. For Python 3, the default encoding is UTF-8, anyway.- Allow to run "make py-format" without having it produce any changes. It's basically "yapf --in-place --recursive ." with some code style settings, see conf/topdir/pyproject.toml. The settings may be debatable. I've had custom tweaks in place on that target, too, but then again, IDEs would have more hassle to integrate that.- Introduce a 88 character line length limit
- One import per line, reshuffle them semantically, see [tool.isort] in pyproject.toml.- Hide imports needed for type-checking only behind
if TYPE_CHECKING- Spaces around assignments accounts for much churn. Having having no spaces in inline parameter list assignments and default parameter values would arguably be more compact where it's useful. On the other hand, I have not found a code formatter which allows spaces around assignments in parameter lists broken into one per line and that's often better than a wall of text.- Add two spaces before # export, as this seems to be mandated by PEP-8- Use single quotes by default
Signed-off-by: Jan Lindemann <jan@janware.com>
|
|
@ -1,24 +1,20 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import re
|
||||
import sys
|
||||
|
||||
from pathlib import Path
|
||||
|
||||
from typing import TYPE_CHECKING
|
||||
|
||||
from ....lib.log import DEBUG, NOTICE, WARNING, log
|
||||
from ....lib.ProcFilterGpg import ProcFilterGpg
|
||||
from .base import Attrs
|
||||
from .FilesContext import FilesContext
|
||||
|
||||
if TYPE_CHECKING:
|
||||
from typing import Iterable
|
||||
from ....lib.FileContext import FileContext
|
||||
|
||||
from ....lib.log import *
|
||||
from ....lib.util import run_cmd
|
||||
from ....lib.TarIo import TarIo
|
||||
from ....lib.ProcFilterGpg import ProcFilterGpg
|
||||
|
||||
from .base import Attrs
|
||||
from .FilesContext import FilesContext
|
||||
from ....lib.Distro import Distro
|
||||
|
||||
class DistroContext(FilesContext):
|
||||
|
||||
|
|
@ -37,18 +33,22 @@ class DistroContext(FilesContext):
|
|||
async def list_template_files(self, pkg_names: Iterable[str]) -> list[str]:
|
||||
if not pkg_names:
|
||||
pkg_names = [p.name for p in await self.__distro.select()]
|
||||
return await self.match_files(pkg_names, pattern=r'.*\.jw-tmpl$')
|
||||
return await self.match_files(pkg_names, pattern = r'.*\.jw-tmpl$')
|
||||
|
||||
async def list_secret_paths(self, pkg_names: Iterable[str], ignore_missing: bool=False) -> list[str]:
|
||||
async def list_secret_paths(
|
||||
self, pkg_names: Iterable[str], ignore_missing: bool = False
|
||||
) -> list[str]:
|
||||
ret = []
|
||||
for tmpl in await self.list_template_files(pkg_names):
|
||||
path = str(Path(tmpl).with_suffix(".jw-secret"))
|
||||
path = str(Path(tmpl).with_suffix('.jw-secret'))
|
||||
if ignore_missing and not await self.ctx.file_exists(path):
|
||||
continue
|
||||
ret.append(path)
|
||||
return ret
|
||||
|
||||
async def list_compilation_targets(self, pkg_names: Iterable[str], ignore_missing: bool=False) -> list[str]:
|
||||
async def list_compilation_targets(
|
||||
self, pkg_names: Iterable[str], ignore_missing: bool = False
|
||||
) -> list[str]:
|
||||
ret = []
|
||||
for tmpl in await self.list_template_files(pkg_names):
|
||||
path = tmpl.removesuffix('.jw-tmpl')
|
||||
|
|
@ -58,72 +58,119 @@ class DistroContext(FilesContext):
|
|||
return ret
|
||||
|
||||
async def remove_compilation_targets(self, pkg_names: Iterable[str]) -> list[str]:
|
||||
ret: list[str] = []
|
||||
for path in await self.list_compilation_targets(pkg_names):
|
||||
try:
|
||||
self.ctx.stat(path)
|
||||
await self.ctx.stat(path)
|
||||
log(NOTICE, f'Removing {path}')
|
||||
await self.ctx.unlink(path)
|
||||
except FileNotFoundError as e:
|
||||
log(DEBUG, f'Compilation target {path} doesn\'t exist (ignored)')
|
||||
ret.append(path)
|
||||
except FileNotFoundError:
|
||||
log(DEBUG, f"Compilation target {path} doesn't exist (ignored)")
|
||||
continue
|
||||
return ret
|
||||
|
||||
async def compile_template_files(self, pkg_names: Iterable[str], default_attrs: Attrs) -> list[str]:
|
||||
async def compile_template_files(
|
||||
self, pkg_names: Iterable[str], default_attrs: Attrs
|
||||
) -> list[str]:
|
||||
ret: list[str] = []
|
||||
missing = 0
|
||||
for target in await self.list_compilation_targets(pkg_names):
|
||||
if not await self.compile_template_file(target, default_attrs):
|
||||
if await self.compile_template_file(target, default_attrs):
|
||||
ret.append(target)
|
||||
else:
|
||||
missing += 1
|
||||
if missing > 0:
|
||||
log(WARNING, f'{missing} missing secrets found. You might want to add them and run sudo {app.cmdline} again')
|
||||
from ....lib.util import pretty_cmd
|
||||
|
||||
async def install(self, src_uri: str, pkg_names: Iterable[str], only_missing: bool=False, verbose: bool=False) -> None:
|
||||
cmdline = pretty_cmd(sys.argv)
|
||||
log(
|
||||
WARNING,
|
||||
(
|
||||
f'{missing} missing secrets found. You might want to add them and '
|
||||
f'run sudo {cmdline} again'
|
||||
),
|
||||
)
|
||||
return ret
|
||||
|
||||
async def _read_secret_tar_blob(src_uri: str):
|
||||
async def install(
|
||||
self,
|
||||
src_uri: str,
|
||||
pkg_names: Iterable[str],
|
||||
only_missing: bool = False,
|
||||
verbose: bool = False,
|
||||
) -> None:
|
||||
|
||||
async def _read_secret_tar_blob(src_uri: str) -> bytes:
|
||||
ec = self.ctx
|
||||
from ....lib.ec.Local import Local
|
||||
from ....lib.util import get
|
||||
|
||||
if not isinstance(ec, Local):
|
||||
ec = Local() # Security: Use a local exec context for decrypting and filtering secrets
|
||||
return (await get(src_uri, content_filter=ProcFilterGpg(ec=ec))).stdout
|
||||
# Security: Use a local exec context for decrypting and
|
||||
# filtering secrets
|
||||
ec = Local()
|
||||
return (await get(src_uri, content_filter = ProcFilterGpg(ec = ec))).stdout
|
||||
|
||||
def _matches_host_prefix(path: str) -> bool:
|
||||
return re.match(r'^' + root_in_tar, path)
|
||||
return re.match(r'^' + host_root_in_tar, path) is not None
|
||||
|
||||
def _crop_host_prefix(path: str) -> bool:
|
||||
return re.sub(r'^' + root_in_tar, '', path)
|
||||
return re.sub(r'^' + host_root_in_tar, '', path) is not None
|
||||
|
||||
def _crop_default_prefix(path: str) -> bool:
|
||||
return re.sub(r'^' + default, '', path)
|
||||
return re.sub(default_rx, '', path) is not None
|
||||
|
||||
def _matches_default_prefix(path: str) -> bool:
|
||||
return re.match(r'^default', path)
|
||||
return re.match(r'^default', path) is not None
|
||||
|
||||
def _is_needed_secret(path: str) -> bool:
|
||||
return path in secret_paths
|
||||
|
||||
from .tar import filter as tar_filter, rewrite as tar_rewrite, extract as tar_extract, merge as tar_merge
|
||||
from .tar import extract as tar_extract
|
||||
from .tar import filter as tar_filter
|
||||
from .tar import merge as tar_merge
|
||||
from .tar import rewrite as tar_rewrite
|
||||
|
||||
if only_missing:
|
||||
raise NotImplementedError('--only-missing is not yet implemented')
|
||||
|
||||
secret_paths = await self.list_secret_paths(pkg_names)
|
||||
|
||||
host_root_in_tar = '/'.join(reversed(self.ctx.hostname.split('.')))
|
||||
hostname = self.ctx.uri.hostname
|
||||
if not hostname:
|
||||
raise Exception('Have no hostname to find secrets in tar file')
|
||||
host_root_in_tar = '/'.join(reversed(hostname.split('.')))
|
||||
host_rx = re.compile(r'^' + host_root_in_tar)
|
||||
default_rx = re.compile(r'^default')
|
||||
|
||||
filtered_paths: list[str] = []
|
||||
extracted_paths: list[str] = []
|
||||
|
||||
blob_all = await _read_secret_tar_blob(src_uri)
|
||||
blob_host_filtered = tar_filter(blob_all, lambda p: re.match(host_rx, p), filtered_paths)
|
||||
blob_host_transformed = tar_rewrite(blob_host_filtered, lambda p: re.sub(host_rx, '', p))
|
||||
blob_default_filtered = tar_filter(blob_all, lambda p: re.match(default_rx, p), filtered_paths)
|
||||
blob_default_transformed = tar_rewrite(blob_default_filtered, lambda p: re.sub(default_rx, '', p))
|
||||
blob_secret_material = tar_merge([blob_host_transformed, blob_default_transformed], overwrite=False)
|
||||
blob_needed = tar_filter(blob_secret_material, _is_needed_secret, extracted_paths)
|
||||
blob_all = await _read_secret_tar_blob(src_uri)
|
||||
if blob_all is None:
|
||||
raise Exception(f'Tar blob {src_uri} is empty')
|
||||
blob_host_filtered = tar_filter(
|
||||
blob_all, lambda p: re.match(host_rx, p) is not None, filtered_paths
|
||||
)
|
||||
blob_host_transformed = tar_rewrite(
|
||||
blob_host_filtered, lambda p: re.sub(host_rx, '', p)
|
||||
)
|
||||
blob_default_filtered = tar_filter(
|
||||
blob_all, lambda p: re.match(default_rx, p) is not None, filtered_paths
|
||||
)
|
||||
blob_default_transformed = tar_rewrite(
|
||||
blob_default_filtered, lambda p: re.sub(default_rx, '', p)
|
||||
)
|
||||
blob_secret_material = tar_merge(
|
||||
[blob_host_transformed, blob_default_transformed], overwrite = False
|
||||
)
|
||||
blob_needed = tar_filter(
|
||||
blob_secret_material, _is_needed_secret, extracted_paths
|
||||
)
|
||||
|
||||
await tar_extract(self.ctx, blob_needed, root='/', verbose=verbose)
|
||||
await tar_extract(self.ctx, blob_needed, root = '/', verbose = verbose)
|
||||
for path in secret_paths:
|
||||
if not path in extracted_paths:
|
||||
log(NOTICE, f'not extracted: {path}')
|
||||
else:
|
||||
log(NOTICE, f'extracted: {path}')
|
||||
if path not in extracted_paths:
|
||||
log(NOTICE, f'not extracted: {path}')
|
||||
else:
|
||||
log(NOTICE, f'extracted: {path}')
|
||||
|
|
|
|||