Resource Hub API

Resource Hub API/backend service

Usage:

# creates new configuration files for customization...
cp -n .env.defaults .env
cp -n data/vault.example.yml data/vault.yml

# Build and start containers
docker-compose build --progress=plain # creates rhub-api docker image
docker-compose up  # starts the api

Additionally, for convenience, there is a Makefile with some useful commands:

$ make init           # create new customized .env and vault.yml files
$ make build          # build docker image
$ make build-no-cache # build docker image, ignoring the cache
$ make start          # start the orchestration using docker-compose
$ make stop           # stop orchestration
$ make test           # run unit tests (needs PYTHONPATH or virtualenv set)

Requirements

The API requires other services (database, etc) in order to function. Some of the configuration comes from environment variables. Docker-compose in this repository is configured to read variables from the customized .env file.

PostgreSQL

In the PostgreSQL you just need to create database and user, tables and other object are created automatically on first start.

RHUB_DB_DATABASE
RHUB_DB_HOST
RHUB_DB_PASSWORD
RHUB_DB_PORT
RHUB_DB_TYPE
RHUB_DB_USERNAME

HashiCorp Vault

In the HashiCorp Vault create AppRole and policy to limit access to secrets.

VAULT_TYPE=hashicorp
VAULT_ADDR - URL, with https://
VAULT_ROLE_ID - AppRole role_id
VAULT_SECRET_ID - AppRole secret_id

For development, you can use file vault that stores secrets in plain text YAML file.

VAULT_TYPE=file
VAULT_PATH - path to YAML file with secrets, see example in data/vault.yml

Authentication

Create token

flask create-user [-g <group-name>] <user-name>

The API token is printed only once and then it cannot be retrieved again, so write it down somewhere (eg. to .env as TOKEN variable).

To create admin account, run the following command:

flask create-user -g rhub-admin admin

Use token

Tokens are passed to the API via Authorization: Basic HTTP header. Username is __token__ and password is the API token.

curl -u __token__:$TOKEN http://localhost:8081/v0/me

requests.get(
    'http://localhost:8081/v0/me',
    auth=('__token__', os.environ['TOKEN']),
)

Tower

Credentials are required to allow Tower Webhook Notifications to be received by the API.

Create admin account for use from Tower:

flask create-user -g rhub-admin tower

Running quality checks

Install development dependencies (create a clean virtual env first, if you don't have one).

$ pip install -U -e .[dev] -r requirements.txt

SonarQube report. A link for the report will be printed on screen.

$ make scan

pip-audit report. Errors will be printed on screen.

$ tox -e pip_audit

OWASP Dependency-Check report. Report will be at odc-reports/dependency-check-report.html.

$ bash bin/dependency_check.sh

Contributing

If you want to contribute to our project, you are more then welcome - just check our contributing guide.

Name		Name	Last commit message	Last commit date
Latest commit History 355 Commits
.github		.github
bin		bin
config		config
data		data
docs		docs
migrations		migrations
releasenotes/notes		releasenotes/notes
src/rhub		src/rhub
tests		tests
.dockerignore		.dockerignore
.env.defaults		.env.defaults
.gitignore		.gitignore
.readthedocs.yml		.readthedocs.yml
.yamllint		.yamllint
Dockerfile		Dockerfile
LICENSE		LICENSE
MANIFEST.in		MANIFEST.in
Makefile		Makefile
README.md		README.md
bare_metal_how_to.md		bare_metal_how_to.md
config.py		config.py
docker-compose.yml		docker-compose.yml
pyproject.toml		pyproject.toml
requirements.txt		requirements.txt
setup.cfg		setup.cfg
setup.py		setup.py
sonar-project.properties		sonar-project.properties
tox.ini		tox.ini

License

resource-hub-dev/rhub-api

Folders and files

Latest commit

History

Repository files navigation

Resource Hub API

Requirements

PostgreSQL

HashiCorp Vault

Authentication

Create token

Use token

Tower

Running quality checks

Contributing

About

Resources

License

Stars

Watchers

Forks

Languages