Skip to main content

No project description provided

Project description

First, install pop-create-idem this is an extension of pop-create that is designed to easily create boilerplate code for idem-cloud projects.

pip3 install pop-create-idem

You now have access to the pop-create command with the idem-cloud subcommand.

To create a new idem-cloud project, run:

pop-create idem-cloud --directory /path/to/new/project --project-name=idem-{my_cloud} --simple-cloud-name={my_cloud}

A new project will have been created with all the boilerplate code needed to get started with idem-cloud: The directory tree should now look something like this:

.
├── build.conf
├── cicd
│   └── upload-code-coverage.sh
├── {project_name}
│   ├── acct
│   │   ├── contracts
│   │   └── {simple_service_name}
│   │       └── basic_auth.py
│   ├── conf.py
│   ├── exec
│   │   ├── contracts
│   │   └── {simple_service_name}
│   │       └── init.py
│   ├── states
│   │   ├── contracts
│   │   └── {simple_service_name}
│   │       └── init.py
│   ├── tool
│   │   └── contracts
│   └── version.py
├── LICENSE
├── noxfile.py
├── README.rst
├── requirements
│   ├── base.txt
│   └── tests.in
├── setup.py
└── tests
    ├── __init__.py
    ├── integration
    │   ├── acct
    │   ├── conftest.py
    │   ├── exec
    │   ├── __init__.py
    │   ├── states
    │   └── tool
    └── unit
        ├── acct
        ├── conftest.py
        ├── exec
        ├── __init__.py
        ├── states
        └── tool

Installation

Install your new project with pip, it needs to be added to the python environment.

pip install -e {project_root}

After installation the new Idem Cloud Provider execution and state modules will be accessible to the pop hub.

You can verify with pop-tree. Pop-tree shows you what is on the hub. Exec –add -sub idem is saying I want shows the exec sub, and add idem to the hub before I show exec modules; because pop-tree needs to be aware of what’s on the hub before it can show you anything.

pip install pop-tree

# Show the exec modules that properly app-merged onto the hub
pop-tree exec --add-sub idem

output:

exec:
----------
{simple_service_name}:
    ----------
    init:
        |_
        |_
test:
    |_
      - ctx
      - ping
    |_

Authenticating with idem-cloud

No matter what you use for your authentication method, in the end they all need to be interchangeable when we are calling exec modules. For example, let’s say I want all my plugins to authenticate with aiohttp, but I want one plugin to handle username and password authentication, and I want to make another plugin that handles authentication with an api token. Under the hood they’re both creating an aiohttp session, but they’re using credentials in different ways.

Or maybe we want to have an account plugin that authenticates with a cookie, and that’s a completely different way of using an aiohttp session, but on the back end it’s the same, and it will be the same to exec modules, that are calling the api methods. You could use a plain request library or httpx, or something else. Account plugins is where you can handle all those differences, and have different ways of authenticating.

That’s the reason you’d want different account plugins; for different ways of authenticating to the same service.

In idem aws we’re using different account plugins, because you can authenticate with gsuite, iamroles, raw botocore; you can get your credentials from the command line awscli. You can get aws credentials so many different ways, but under the hood, all the account plugins for idem-aws end up creating a boto core session.

Keep that in mind with whatever your cloud is. You can make as many plugins to authenticate as you need; and on the backend they need to create the same interface for exec modules to interact with.

Edit the file at {project_name}/acct/{simple_cloud_name}/basic_auth.py This is where you can customize authentication to your cloud. You can create other plugins in this directory that authenticate in different ways to the same cloud.

After installing idem with pip; acct, exec, and state modules will be accessible to the pop hub. In order to use them we need to set up our credentials.

Create a new file called credentials.yaml, appropriately named, as you populate it with credentials. The “default” profile will be used automatically by idem unless you specify one with –acct-profile=profile_name on the idem cli.

There are many ways providers/profiles can be stored. See acct backends for more information.

This is an example of what is looks like; This is the file name:

credentials.yaml

And these are the contents of the file:

{simple_service_name}.basic_auth:
  default:
    username: my_user
    password: my_pass

Now encrypt the credentials file and add the encryption key and encrypted file path to the ENVIRONMENT.

The acct command should be available as it is a requisite of idem.

This is an example of how to encrypt the credential file.

acct encrypt credentials.yaml

output:

-A9ZkiCSOjWYG_lbGmmkVh4jKLFDyOFH4e4S1HNtNwI=

This is how you add these to your environment; Use a variable assigned to the value of the output, and second variable assigned to value of the path to the encrypted fernet file.

export ACCT_KEY="-A9ZkiCSOjWYG_lbGmmkVh4jKLFDyOFH4e4S1HNtNwI="
export ACCT_FILE=$PWD/credentials.yaml.fernet

Idem will now be able to read these credentials for authentication to your cloud!

Exec modules

functions placed in {project_name}/exec/{simple_service_name}/ will appear on the hub under. hub.exec.{simple_service_name}.*. The directory structure under exec is arbitrary to idem, so use it to keep your functions organized. Do NOT put all your functions in one giant file. That is not very pop.

The directory structure affects where functions are placed on the hub, and how they are referenced on the CLI.

If you create a function called get in {project_name}/exec/{simple_service_name}/instance, it can be called from the hub within code like so:

hub.exec.simple_service_name.instance.get("instance_name")

It could be called from the idem cli like this:

idem exec {simple_service_name}.instance.get instance_name

The profile you want to use from your encrypted credentials file can be specified on the command line when calling an exec module directly. The default is to use the profile named “default”.

idem exec --acct-profile my-staging-env {simple_service_name}.instance.list

States

A profile can be specified for use with a specific state. If no profile is specified, the profile called “default”, if one exists, will be used:

ensure_user_exists:
  {simple_service_name}.user.present:
    - acct_profile: my-staging-env
    - name: a_user_name
    - kwarg1: val1

It can also be specified from the command line when executing states.

idem state --acct-profile my-staging-env my_state.sls

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pop-create-idem-2.0.1.tar.gz (30.5 kB view details)

Uploaded Source

Built Distribution

pop_create_idem-2.0.1-py3-none-any.whl (41.9 kB view details)

Uploaded Python 3

File details

Details for the file pop-create-idem-2.0.1.tar.gz.

File metadata

  • Download URL: pop-create-idem-2.0.1.tar.gz
  • Upload date:
  • Size: 30.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.63.0 importlib-metadata/4.11.2 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.9.10

File hashes

Hashes for pop-create-idem-2.0.1.tar.gz
Algorithm Hash digest
SHA256 9ebc0d76b425853f31d14ccd0268cf811bdcae97e322cfb589435b3d6efb9b21
MD5 8906d5700a6e0e1aaec5a5e0db1afc76
BLAKE2b-256 398077ebc2d64f2eb707c4987592fdd33034535b7e6c128ab15ca9de85845dd4

See more details on using hashes here.

File details

Details for the file pop_create_idem-2.0.1-py3-none-any.whl.

File metadata

  • Download URL: pop_create_idem-2.0.1-py3-none-any.whl
  • Upload date:
  • Size: 41.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.63.0 importlib-metadata/4.11.2 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.9.10

File hashes

Hashes for pop_create_idem-2.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 2e701b6e1abdf399c7e437f852728218a4b859e6d799b13e60b881cf09a3275f
MD5 5fed7ace975f19a7117a575531a91580
BLAKE2b-256 f1605b6f1e229dcf648b35e2a782ea9c6c4f4ec48c296d426413a0ebe5279fb0

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page