First stab at a re-write. #1
Conversation
|
Looks good, but I'm not a python language lawyer. |
| return str(args.domain + '_csr_config') | ||
|
|
||
|
|
||
| def main(args): |
There was a problem hiding this comment.
Seems to me like there's too much implementation logic in the main() function. I'd try to move a lot of this to functions and keep only business logic in main(). Maybe you could create one function for each args.command.
There was a problem hiding this comment.
Here's an example of how it could be implemented https://github.com/pre-commit/pre-commit/blob/main/pre_commit/main.py#L349-L355
There was a problem hiding this comment.
+1 to keeping main() down to a small set of function calls.
There was a problem hiding this comment.
Also consider trapping the case where command is not in the expected set of commands. Don't really see where that is documented and/or output to the user.
Co-authored-by: Daniel Hoherd <[email protected]>
| try: | ||
| os.stat(file).st_size > 1 | ||
| except: | ||
| return False | ||
| else: | ||
| return file |
There was a problem hiding this comment.
| try: | |
| os.stat(file).st_size > 1 | |
| except: | |
| return False | |
| else: | |
| return file | |
| try: | |
| return os.stat(file).st_size > 1 or file | |
| except FileNotFoundError: | |
| return False |
There was a problem hiding this comment.
Actually that may not be right. A docstring would be helpful to define the desired behavior. I think I misinterpreted it.
There was a problem hiding this comment.
This is suppoed to check that the file exists and is not empty.
| try: | ||
| subprocess.call(['openssl', 'rsa', '-in', | ||
| args.key, '-check']) | ||
| except: |
There was a problem hiding this comment.
I think this should be, but I'm not 100% sure.
| except: | |
| except subprocess.CalledProcessError: |
| """ | ||
|
|
||
|
|
||
| def check_file(file): |
There was a problem hiding this comment.
The name check_file is ambiguous... what are you checking? Consider a name file_exists so your code reads more naturally, ex. if file_exists():
There was a problem hiding this comment.
Aaaand I just realized this is already a library function: os.path.exists() for any path, pathlib.Path.is_file() for files in particular.
There was a problem hiding this comment.
Also the file parameter is a bit ambiguous. Are you looking for a file_name with a string representation, a path-like object, an actual file object?
Can document in code by checking your parameter first thing in the code: if not isinstance(file, str): raise TypeError.
In general, good practice to check your parameters before using them, to make debugging easier.
| except: | ||
| return False | ||
| else: | ||
| return file |
There was a problem hiding this comment.
I see two different types being returned by this function: bool False and str file.
Choose one and stick with it. Looks like you want bool here.
There was a problem hiding this comment.
If it returns true how does that affect argparse value?
| return file | ||
|
|
||
|
|
||
| def check_domain(input): |
There was a problem hiding this comment.
Same comments as earlier:
- what are you checking for? consider
is_domain - what type is input?
There was a problem hiding this comment.
Two things. Check if it is a domain or if it is a file with domains. Maybe I should create 2 flags rather then combining them in one?
| CN = domain.strip().lower() | ||
| domain = fp.readline() | ||
| count += 1 | ||
| elif 1 <= count <= 100: |
There was a problem hiding this comment.
Suggest creating a named constant at the top of the file instead of burying 100 here, to make maintenance easier. ex. MAX_DOMAINS = 100
| env = Environment(loader=file_loader) | ||
|
|
||
|
|
||
| description = """ |
There was a problem hiding this comment.
PEP8 says constants should be named in all caps.
There was a problem hiding this comment.
NIT: mixed use of single-quote and double-quotes throughout this file.
| def gen_csr_config(args, config_file): | ||
| tm = env.get_template(config_file) | ||
| print(config_file) | ||
| SANS = list() |
There was a problem hiding this comment.
All-caps variable names are generally used for constants. Suggest sans here.
| print(config_file) | ||
| SANS = list() | ||
| print("Generating CSR configuration..") | ||
| if type(args.domain) is tuple: |
There was a problem hiding this comment.
instanceof() is permissive of subclasses whereas type() is requires exact match. Consider using instanceof() in most cases.
| if type(args.domain) is tuple: | ||
| domain_file, is_file = args.domain | ||
| with open(domain_file) as fp: | ||
| domain = fp.readline() |
There was a problem hiding this comment.
Suggest using for domain in fp: instead of this combo of readline() and a while-loop. Code ends up much simpler & easier to maintain.
| if args.key: | ||
| if check_file(args.key): | ||
| try: | ||
| subprocess.call(['openssl', 'rsa', '-in', |
There was a problem hiding this comment.
Here and elsewhere: suggest checking & printing stderr and/or return code from any subprocess call / run. This allows you to debug why something fails much more easily.
| def main(args): | ||
| if args.command == 'csr': | ||
| # Look for csrgen config files | ||
| config_file_search = fnmatch.filter(os.listdir(), "*_gen_config") |
There was a problem hiding this comment.
I see _gen_config in quite a few places. Consider replacing it with a named constant for maintainability.
| if args.command == 'config': | ||
| tm = Template(config_template) | ||
| config_file_name = args.org + "_gen_config" | ||
| print("Creating config template file: {filename}".format( |
There was a problem hiding this comment.
NIT use an f-string instead of "".format()
ex. print(f"creating {config_file_name}")
| config_file_name = args.org + "_gen_config" | ||
| print("Creating config template file: {filename}".format( | ||
| filename=config_file_name)) | ||
| config_file = open(config_file_name, "w") |
There was a problem hiding this comment.
Prefer with open() as f: to calling open and close separately.
| domain = args.domain | ||
| CN = domain.strip().lower() | ||
|
|
||
| generated_csr_config = open(args.domain + '_csr_config', 'w') |
There was a problem hiding this comment.
Prefer with open() as f: to calling open and close separately.
No description provided.