johnthagen/min-sized-rust 1403

🦀 How to minimize Rust binary size 📦

johnthagen/clang-blueprint 55

🏰 Example C++11 CMake project that incorporates awesome Clang tooling 🐉

johnthagen/clion-cppcheck 21

☑️ cppcheck plugin for CLion

johnthagen/cppcheck-junit 7

Converts Cppcheck XML output to JUnit XML.

johnthagen/exitstatus 4

🚪 POSIX exit status definitions for Python

johnthagen/cpplint-junit 3

Converts cpplint output to JUnit format

johnthagen/autoenum 2

Auto-numbered enumerations for Python

johnthagen/doxygen-junit 2

Converts Doxygen errors to JUnit XML.

johnthagen/flake8-strings 2

Flake8 string quote plugin.

johnthagen/eote-dice 1

SW EotE Dice

issue comment axnsan12/drf-yasg

NOTICE: Consider using drf-yasg2 as an active fork of this project

Yes, I would say that when @JoelLefkowitz (given the initiative he's shown, I feel as though he makes the most sense as a second maintainer) is promoted to a maintainer, this issue can be closed and we can begin the work of backporting whatever we need from the fork.

johnthagen

comment created time in an hour

pull request comment encode/django-rest-framework

Add drf-yasg2 reference

I'm converting this to a draft as we were able to get in contact with the maintainer of drf-yasg, so it's possible we may be able to use the original repo/package again.

johnthagen

comment created time in 8 hours

issue comment axnsan12/drf-yasg

Incompatibility with latest DRF 3.12.0

I was thinking to update the description of the issue, to move to drf-yasg2 and close the same.

@fasih I went ahead and created a new issue with a clear title about the fork. I think it's good to keep this issue open to document the clear DRF 3.12 problem for current users of drf-yasg to reference.

fasih

comment created time in 12 hours

issue opened axnsan12/drf-yasg

NOTICE: Consider using drf-yasg2 as an active fork of this project

Unfortunately the community has not been able to contact @axnsan12 for many months. During this time, DRF 3.12 has been released, which is no longer compatible with drf-yasg (#641), as well as Django 3.1 and Python 3.9.

In order to continue to keep this project from dying, @JoelLefkowitz gratuitously volunteered to champion a new fork, drf-yasg2, which has allowed us to merge in some long awaited fixes (#625) as well as make sure everything is tested on the latest Python, Django, and DRF.

We want to thank @axnsan12 for all of his great work on this project and hope this notice helps other users find a working package for their projects.

created time in 12 hours

pull request comment JoelLefkowitz/drf-yasg

Rollup of typo fixes

@JoelLefkowitz Please squash these commits when you merge, thanks.

johnthagen

comment created time in 12 hours

push event johnthagen/drf-yasg

johnthagen

commit sha d8ad9086dc7be20975ed55f211d20fbf66c6f12a

Fix typos in openapi.py

push time in 12 hours

push event johnthagen/drf-yasg

johnthagen

commit sha 89bb039c1ff8fc643cdc32b776dae3a2b426d9fb

Fix typos in openapi.rst

push time in 12 hours

push event johnthagen/drf-yasg

johnthagen

commit sha e22a9eedb5de2207d427f494b545a6c885107b3e

Fix typo in rendering.rst

push time in 12 hours

push event johnthagen/drf-yasg

johnthagen

commit sha 872d67dbadd94832d1515b5df09e16b890e1c761

Fix typos in field.py

push time in 12 hours

PR opened JoelLefkowitz/drf-yasg

Rollup of typo fixes

Migrating PRs from base repo

  • https://github.com/axnsan12/drf-yasg/pull/620
+5 -5

0 comment

1 changed file

pr created time in 12 hours

create branch johnthagen/drf-yasg

branch : fix-typos

created branch time in 12 hours

issue comment JoelLefkowitz/drf-yasg

Migrating pull requests from axnsan12/drf-yasg

It seems axnsan12#445 got lost at some point, so I opened #77 to restore it.

JoelLefkowitz

comment created time in 12 hours

PR opened JoelLefkowitz/drf-yasg

Add instructions for integration with drf-extra-fields

#29 says it fixes this issue but it seems that somewhere along the line this was lost.

Cross references:

  • https://github.com/Hipo/drf-extra-fields/pull/100
  • https://github.com/Hipo/drf-extra-fields/issues/66
  • https://github.com/Hipo/drf-extra-fields#drf-yasg-fix-for-base64-fields
+34 -0

0 comment

2 changed files

pr created time in 12 hours

create branch johnthagen/drf-yasg

branch : drf-extra-fields-integration

created branch time in 12 hours

delete branch johnthagen/python-blueprint

delete branch : simplify-travis

delete time in 12 hours

push event johnthagen/python-blueprint

johnthagen

commit sha 3c51fc533501edde1f8955e7e3a54ccf9ce92f79

Simplify Travis config now that Python 3.5 has been dropped (#34)

push time in 12 hours

push event johnthagen/drf-yasg

johnthagen

commit sha f46c5825aa669e35d40f9ed25105dd5fdada6153

Fix changelog RST rendering (#68)

johnthagen

commit sha ef4bb4c76b57585f5026bec16e37eec9f347a71a

Update bundled swagger-ui and redoc Javascript dependencies (#69)

johnthagen

commit sha 8856c1422b8bc29c925121d2a50c44a33ff69795

Use canonical package name and fix some references to drf_yasg (#70)

johnthagen

commit sha 7321b04125409d938a0c6354b08739f5bb925583

Fix changelog formatting (#72)

Joel Lefkowitz

commit sha acff90ac26eba01e363bfd3ecc75b71a6a37088a

Release v19.3

push time in 12 hours

issue closed johnthagen/python-blueprint

Update licenses env for pip-licenses 3.0

Tracking: https://github.com/raimon49/pip-licenses/pull/77

closed time in 12 hours

johnthagen

issue comment johnthagen/python-blueprint

Update licenses env for pip-licenses 3.0

Closed in 10817125ae359565632f9c93366db75f7750657e

johnthagen

comment created time in 12 hours

push event johnthagen/python-blueprint

johnthagen

commit sha 10817125ae359565632f9c93366db75f7750657e

Update pip-licenses testenv for pip-licenses 3.0.0 release

push time in 12 hours

create branch johnthagen/python-blueprint

branch : simplify-travis

created branch time in 12 hours

pull request comment raimon49/pip-licenses

Report multiple LICENSE files

@raimon49 Is handling multiple license files still something that can be considered? If so, do you know what approach you would accept?

johnthagen

comment created time in 14 hours

delete branch johnthagen/numpy

delete branch : patch-1

delete time in a day

pull request comment axnsan12/drf-yasg

Bumped redoc version to 2.0.0-rc.23

This has been implemented and fixed in the active fork, drf-yasg2.

See: https://github.com/JoelLefkowitz/drf-yasg/pull/69

rafalolszewski94

comment created time in a day

pull request comment axnsan12/drf-yasg

Prepare for DRF master changes

The active fork, drf-yasg2, is now tested and fully supports Django 2.2-3.1.

jayvdb

comment created time in a day

pull request comment axnsan12/drf-yasg

Update Redoc to 2.0.0-rc36

This has been implemented in the active fork, drf-yasg2.

See: https://github.com/JoelLefkowitz/drf-yasg/pull/69

cjnething

comment created time in a day

pull request comment axnsan12/drf-yasg

Fix tox environment to properly test on Django 3.0

This has been implemented in the active fork, drf-yasg2.

johnthagen

comment created time in a day

pull request comment axnsan12/drf-yasg

Drop all compat support to Django < 2.1 urls

This has been implemented in the active fork, drf-yasg2.

See: https://github.com/JoelLefkowitz/drf-yasg/pull/54

fasih

comment created time in a day

pull request comment axnsan12/drf-yasg

Attempt to fix master

This PR has more or less been implemented in the active fork, drf-yasg2.

ticosax

comment created time in a day

issue comment enpaul/tox-poetry-installer

Replace "poetry" dependency with "poetry-core"

Parsing and handling lockfile conditions is something I would really like to avoid having to reimplement for this plugin.

Yes, I totally agree with this. I'd never want to ask a package like this to reimplement something that should otherwise be shared with poetry. We have working work-arounds and understand the poetry ecosystem still has a little maturing to do.

Thanks!

enpaul

comment created time in a day

push event sillsdev/TheCombine

Jim Grady

commit sha e40f89c060f4df698800d47b33ebb429aa5812a7

Bump version to 0.4.1-alpha.0 (#776)

Jim Grady

commit sha e9ec5d45dc4bf3a05e9b13014a64d55c4c44675c

Port certmgr to python (#777)

  • Port certmgr entrypoint scripts to Python 3
  • Remove CERT_VERBOSE option for certmgr container
  • Add aws-cli to image for future needs
  • Fix shebang in entrypoint
  • Make BaseCert an Abstract Base Class
  • Add comments for why we create self-signed cert and wait for webserver
  • Set Python files to use LF ending so they are compatible from Windows when copied into a Docker image
  • Document the certmgr methods
  • Change workdir for Python scripts in container
  • Remove shebang/executable bit from python modules called by entrypoint
  • Make python filenames more human-friendly
  • Added docstrings for LetsEncryptCert and SelfSignedCert's methods
  • Add comment about implicit Python dependencies

Co-authored-by: johnthagen <johnthagen@users.noreply.github.com>
Co-authored-by: johnthagen <johnthagen@gmail.com>

johnthagen

commit sha 8c6ceeab85237395642a677ca516ce0ce8dd637b

Merge branch 'master' into backend-nullable

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha b40766b631259f1a55c22554413740bfa3014201

fmt

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha bf1e84d27d0f5a367bd0d695395c871148e80d41

Fix LGTM issue in UserEditController.cs

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha ef85e9c217b18b6fabbb208fd81c6db7e8a03e2c

Fix LGTM issue in ProjectController.cs

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha b5f87c858fbeae921b6301da8789702fea2a28a8

Fix LGTM issue in LiftApiServices.cs

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha f477cca8d306e2fb447e5f49f8f151c0da452ab5

Fix PasswordReset test

push time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 71 at r5 (raw file):

Previously, johnthagen wrote…

> A small docstring on this method could help explain how the function works and what the two return values mean.

LGTM

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/basecert.py, line 1 at r4 (raw file):

Previously, johnthagen wrote…

> Breaking this off the entry point discussion. We should remove the shebangs from all .py files that aren't entrypoint.py since they are not designed to be executed directly.
>
> We should also remove the executable permissions bits from them if they are set.

LGTM

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/Dockerfile, line 17 at r2 (raw file):

Previously, johnthagen wrote…

> Do you think we need to copy into /usr/bin? Most of our files will no longer be executable, and I think it would isolate our code a little more if we did something like:
>
> WORKDIR /src
>
> COPY scripts/*.py .
>
> ENTRYPOINT ["./entrypoint.py"]
>
> This also makes it slightly easier to do this later if we want (since our code is in our CWD):
>
> ENTRYPOINT ["python3", "entrypoint.py"]

LGTM

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/basecert.py, line 3 at r4 (raw file):

#!/usr/bin/env python3

from abc import ABC, abstractmethod

Minor comment, but the typical style for Python modules is to separate words with underscores.

For example:

  • base_cert.py
  • letsencrypt_cert.py
  • etc

The idea is to make it easier for the human to read.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/func.py, line 29 at r9 (raw file):

        return None

# Create/move a symbolic link at 'dest' to point to 'src'

In the Python space, this kind of documentation is best put into a docstring: https://www.python.org/dev/peps/pep-0257/#what-is-a-docstring

The advantage of this is that Python developers will be comfortable with this, and code editors and IDEs will parse docstrings when you use a "quick doc" feature, or hover over a function.

This applies to the documentation that was added to letsencrypt.py and selfsignedcert.py.

jmgrady

comment created time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 8cef207758cbd30587a4794dd645b6fac23e1271

Update UserController.cs

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha f7de7c48b277685196733e3a9f06bfff4e6ae7d0

Update ProjectController.cs

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 3201466270467469980c8f48818997427c19e025

Use the idiomatic `is null` rather than `== null`

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha e6bab1846ec93e35df749bc73c071fec6f1a29b6

Update UserEditController.cs

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 5dd5a04dc9685e3391e812cfd169f11060924d48

Update LiftController.cs

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 1811a1c46e3f9974d230674c85db60a8c1df7aee

Update EmailContext.cs

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 0f7a2f953783b3089fda641cf09316c1dcb8a53f

Update Startup.cs

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha c4f9e0a6c371197cc725ac86fcf11aec76f13dbe

Update Project/Word services

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha ac8047bd5bb420e2ef6ec191c699d9e5b07f4a0c

Update two services

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 90c5f5a5eb0dcd4da54c8a452351fbd6201dba82

Update PermissionService.cs

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 93a96def16315d744bfd4320dc5b7600083f52b3

Update PasswordResetService.cs

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 826bea1a32254eef18e9d788f808af04a7062e53

Update LiftAPIServices

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha ca5d5fb8588ba9e8d8d6ce0483675920b8824b0f

Update Word Model

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 3e2fb6695f05f6cdec3ed91f19e979999754a013

Update UserRole model

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 4b264ced081f07fa5621529860c259770e4f3305

Update EditUser model

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 48b8c4f968c46905ad963abc6d312dd008f610ca

Update User model

push time in 2 days

PR opened sillsdev/TheCombine

Enable C# 8 nullable compiler feature backend maintenance refactor

Closes #754

+33 -21

0 comment

3 changed files

pr created time in 2 days

create branch sillsdev/TheCombine

branch : backend-nullable

created branch time in 2 days

issue comment sillsdev/TheCombine

Consider enforcing nullable type system in backend

One of the challenges is dealing with all of the Clone() implementations in the Models.

        public EmailInvite Clone()
        {
            return new EmailInvite
            {
                Id = Id.Clone() as string,
                Email = Email.Clone() as string,
                Token = Token.Clone() as string,
                ExpireTime = ExpireTime
            };
        }

All of the as casts can return null. It would be nice if we could find a better way to Clone() these objects. strings are immutable in C#, so I'm not exactly sure why we need to Clone() in the first place, but there could be some interaction with Mongo I don't understand.

johnthagen

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/Dockerfile, line 19 at r2 (raw file):

Previously, johnthagen wrote…

> I will try out the various options on Windows to see which is the smoothest.

I pushed in a fix for this. I set .py files to be LF ending. This matches .sh and .js/ts already so it seems like the simplest option.

jmgrady

comment created time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha a93947181be0d3c7e4a253168459c91cc94adf6d

Set Python files to use LF ending so they are compatible from Windows when copied into a Docker image

push time in 2 days

issue comment django/channels

Django 3.0 vs. Channels?

Is there any documentation on the current roadmap of async functionality planned for Django 3.2 or 4.0? I remember the original roadmap from 2018 being really helpful and was curious if there is an updated one now that we are nearing the end of 2020.

bluesurfer

comment created time in 2 days

issue comment enpaul/tox-poetry-installer

Replace "poetry" dependency with "poetry-core"

@enpaul Thanks, I suspected something like that would help as well.

enpaul

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 9 at r2 (raw file):

Previously, jmgrady (Jim Grady) wrote…

> I like the idea of putting it in the Dockerfile since that is where you specify packages to be included. These are the python3 modules that are currently installed in this container. Any others that we should mention explicitly?
>
> libpython3-stdlib/now 3.7.3-1 amd64 [installed,local]
> libpython3.7-minimal/now 3.7.3-2+deb10u2 amd64 [installed,local]
> libpython3.7-stdlib/now 3.7.3-2+deb10u2 amd64 [installed,local]
> python3-acme/now 0.31.0-2 all [installed,local]
> python3-asn1crypto/now 0.24.0-1 all [installed,local]
> python3-certbot/now 0.31.0-1 all [installed,local]
> python3-certifi/now 2018.8.24-1 all [installed,local]
> python3-cffi-backend/now 1.12.2-1 amd64 [installed,local]
> python3-chardet/now 3.0.4-3 all [installed,local]
> python3-configargparse/now 0.13.0-1 all [installed,local]
> python3-configobj/now 5.0.6-3 all [installed,local]
> python3-cryptography/now 2.6.1-3+deb10u2 amd64 [installed,local]
> python3-distutils/now 3.7.3-1 all [installed,local]
> python3-future/now 0.16.0-1 all [installed,local]
> python3-idna/now 2.6-1 all [installed,local]
> python3-josepy/now 1.1.0-2 all [installed,local]
> python3-lib2to3/now 3.7.3-1 all [installed,local]
> python3-minimal/now 3.7.3-1 amd64 [installed,local]
> python3-mock/now 2.0.0-4 all [installed,local]
> python3-openssl/now 19.0.0-1 all [installed,local]
> python3-parsedatetime/now 2.4-2 all [installed,local]
> python3-pbr/now 4.2.0-5 all [installed,local]
> python3-pkg-resources/now 40.8.0-1 all [installed,local]
> python3-requests-toolbelt/now 0.8.0-1 all [installed,local]
> python3-requests/now 2.21.0-1 all [installed,local]
> python3-rfc3339/now 1.1-1 all [installed,local]
> python3-setuptools/now 40.8.0-1 all [installed,local]
> python3-six/now 1.12.0-1 all [installed,local]
> python3-tz/now 2019.1-1 all [installed,local]
> python3-urllib3/now 1.24.1-1 all [installed,local]
> python3-zope.component/now 4.3.0-1 all [installed,local]
> python3-zope.event/now 4.2.0-1 all [installed,local]
> python3-zope.hookable/now 4.0.4-4+b4 amd64 [installed,local]
> python3-zope.interface/now 4.3.2-1+b2 amd64 [installed,local]
> python3.7-minimal/now 3.7.3-2+deb10u2 amd64 [installed,local]
> python3.7/now 3.7.3-2+deb10u2 amd64 [installed,local]
> python3/now 3.7.3-1 amd64 [installed,local]
>
> Looking at the list, I suspect that requests is installed with certbot and I think the same is true for openssl.

Yeah, I think a really brief comment about how our Python depends on requests which is installed for certbot would be totally sufficient.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/func.py, line 30 at r4 (raw file):

Previously, jmgrady (Jim Grady) wrote…

> Done.

Looks like this change didn't get pushed yet.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/selfsignedcert.py, line 39 at r3 (raw file):

Previously, johnthagen wrote…

> Should this be self.cert?

LGTM

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 77 at r2 (raw file):

Previously, johnthagen wrote…

> Oh I see, so we're just connecting to ourselves, waiting, and we need to stop redirects or we'll get a bad certificate warning.
>
> If this is correct, could we add a comment about this (and why allow_redirects is set to False)?
>
> Another option (I don't think it's necessarily better, but just informational to share) is that we could go to HTTPS and disable cert checking:
>
> https://stackoverflow.com/a/32282390
>
> Again, I don't think this is really better than hitting the HTTP endpoint, since we'll always be supporting the HTTP redirection endpoint.

LGTM.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 30 at r5 (raw file):

Previously, johnthagen wrote…

> Can remove this type hint.

LGTM

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/Dockerfile, line 17 at r2 (raw file):

        /usr/local/aws-cli/v2/*/dist/awscli/examples

COPY scripts/*.py /usr/bin/

Do you think we need to copy into /usr/bin? Most of our files will no longer be executable, and I think it would isolate our code a little more if we did something like:

WORKDIR /src

COPY scripts/*.py .

ENTRYPOINT ["./entrypoint.py"]

This also makes it slightly easier to do this later if we want (since our code is in our CWD):

ENTRYPOINT ["python3", "entrypoint.py"]

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 71 at r5 (raw file):

        os.system("certbot renew")

    def wait_for_webserver(self) -> bool:

A small docstring on this method could help explain how the function works and what the two return values mean.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/selfsignedcert.py, line 39 at r3 (raw file):

Previously, johnthagen wrote…

> PyCharm is showing me that self.cert_file doesn't exist on this class. Is there a bug here?

Should this be self.cert?

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/selfsignedcert.py, line 39 at r3 (raw file):

    def renew(self) -> None:
        renew_before_expiry_sec = self.renew_before_expiry * 3600 * 24
        if self.cert_file.exists():

PyCharm is showing me that self.cert_file doesn't exist on this class. Is there a bug here?

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/Dockerfile, line 19 at r2 (raw file):

Previously, jmgrady (Jim Grady) wrote…

> The first option is fine for me if it works for you. The second one (ENTRYPOINT ["python3", "/usr/bin/entrypoint.py"]) is also a good idea (assuming that python3 is on the default path which the shebang seems to imply).
>
> Also, I see that the nginx container puts its entrypoint scripts at root - that is an option too.

I will try out the various options on Windows to see which is the smoothest.

jmgrady

comment created time in 2 days

push event sillsdev/TheCombine

D. Ror

commit sha c0d14b85ce39d14aec3632efc6f96161c6d1b3ad

Bump version to 0.4.0 to release note field (#775)

  • Bump version to 0.3.2 to release note field
  • Set version to 0.4.0
    Increment minor version since the Notes feature has been added.

johnthagen

commit sha 0d8857590c74ba38113d847b1ed5075736af1a89

Disable TLS 1.0 and 1.1 and enable TLS 1.3 in NGINX configuration (#779)

johnthagen

commit sha 773c123e3bac3cfe0189c112c5c36fa526f222d8

Merge branch 'master' into port_certmgr_to_python

push time in 2 days

push event sillsdev/TheCombine

johnthagen

commit sha 0d8857590c74ba38113d847b1ed5075736af1a89

Disable TLS 1.0 and 1.1 and enable TLS 1.3 in NGINX configuration (#779)

push time in 2 days

delete branch sillsdev/TheCombine

delete branch : tls-1.3

delete time in 2 days

PR merged sillsdev/TheCombine

Disable TLS 1.0 and 1.1 and enable TLS 1.3 in NGINX configuration docker security

TLS 1.0 and 1.1 have known security concerns. All major browsers support at least TLS 1.2.

This disables the default NGINX configuration portion that enables support for TLS 1.0 and 1.1, and also adds support for TLS 1.3, the new standard that is more secure and can also be more performant.

+1 -0

1 comment

1 changed file

johnthagen

pr closed time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 30 at r5 (raw file):

            temp_cert.create()

        is_letsencrypt_cert: bool = False

Can remove this type hint.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/entrypoint.py, line 21 at r4 (raw file):


    cert_store: str = lookup_env("CERT_STORE")
    for subdir in ["nginx", "selfsigned"]:

Minor: this would be slightly more idiomatic if we used an immutable tuple rather than a mutable list.

for subdir in ("nginx", "selfsigned"):

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/func.py, line 30 at r4 (raw file):


def update_link(src: Path, dest: Path) -> None:

Minor: let's remove this extra newline at the start of this function to make it look consistent with others.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/basecert.py, line 1 at r4 (raw file):

#!/usr/bin/env python3

Breaking this off the entry point discussion. We should remove the shebangs from all .py files that aren't entrypoint.py since they are not designed to be executed directly.

We should also remove the executable permissions bits from them if they are set.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 77 at r2 (raw file):

Previously, jmgrady (Jim Grady) wrote…

> No. This needs to be http so that we can see if Let's Encrypt will be able to reach the server. If we try to connect to https we get an error because it's a self-signed certificate.

Oh I see, so we're just connecting to ourselves, waiting, and we need to stop redirects or we'll get a bad certificate warning.

If this is correct, could we add a comment about this (and why allow_redirects is set to False)?

Another option (I don't think it's necessarily better, but just informational to share) is that we could go to HTTPS and disable cert checking:

https://stackoverflow.com/a/32282390

Again, I don't think this is really better than hitting the HTTP endpoint, since we'll always be supporting the HTTP redirection endpoint.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 9 at r2 (raw file):

Previously, jmgrady (Jim Grady) wrote…

> Sorry if I seem obstinate but isn't that obvious since it's being imported?

I guess what I'm hoping to communicate/convey is that this Python application has an external Python package dependency. It's not super clear reading the code until you get here that this is the case.

A better place for this might be in the Dockerfile. The concern I have is that because we are implicitly depending on it, this could break for future debian releases.

But, I do think in general this isn't a huge deal. If you can think of a good place to put the text "This Python application depends upon requests being installed into its environment" or similar, I think that could help things down the road.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/func.py, line 38 at r4 (raw file):

                dest.unlink()
            else:
                # src already point to the dest

point -> points ?

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 73 at r2 (raw file):

Previously, jmgrady (Jim Grady) wrote…

> I misunderstood. Thanks. This makes the effort a lot more reasonable!

This one is still here, so I'll leave the comment open until it's removed.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 69 at r2 (raw file):

Previously, jmgrady (Jim Grady) wrote…

> I don't understand this comment. LetsEncryptCert.renew() is running the certbot renew program which renews all of the Let's Encrypt certificates that are up for renewal.

Sorry, ignore the pass part of that previous comment. This method should be defined as:

    def renew(self) -> None:
        os.system("certbot renew")

All (non-static) methods in Python take self as the first argument. This method is just missing the self.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 9 at r2 (raw file):

Previously, jmgrady (Jim Grady) wrote…

> Actually, I don't think it was installed by aws-cli. I was using the requests library before I installed aws-cli.

Okay, let's just add a comment that it's a system dependency so it's a little more clear we are depending on it.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/letsencryptcert.py, line 9 at r2 (raw file):

Previously, jmgrady (Jim Grady) wrote…

> As far as I can tell, urllib does not work since you cannot keep it from following redirections. I did nothing special to install requests; it was included in the container.

It was probably installed transitively by awscli. This is probably okay given if/when this breaks it will be a very obvious error. Probably easiest to not worry about this.

Could we add a comment above the imports that we expect requests to be installed automatically from awscli as a requirement?

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/func.py, line 7 at r2 (raw file):

Previously, jmgrady (Jim Grady) wrote…

> Done.

There are some missing/unused imports now, but the lint job should show you those.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/entrypoint.py, line 37 at r2 (raw file):

Previously, jmgrady (Jim Grady) wrote…

> With the change to make BaseCert an ABC, I have the mode choices defined as:
>
> mode_choices: Optional[Dict[str, BaseCert]]
>
> and mode_choices.get() will return None if the mode is not in the list choices. If None is returned, the function will print an error message and exit(99).

Could the sys.exit() call be moved into the else block for clarity? We can then remove the comment, since it can get there now.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/entrypoint.py, line 28 at r3 (raw file):

    cert_obj = mode_choices.get(cert_mode, None)

    if cert_obj:

I personally think it's clearer to write the explicit if cert_obj is not None: given how dynamic Python can be.

jmgrady

comment created time in 2 days

pull request comment sillsdev/TheCombine

Port certmgr to python


certmgr/scripts/entrypoint.py, line 15 at r2 (raw file):

Previously, johnthagen wrote…

> There are some missing/unused imports and I don't believe this needs to be marked Optional since you are declaring it directly (there is no None case).

Looking at this closer, I think you want: Dict[str, Optional[BaseCert]]

jmgrady

comment created time in 2 days
