✨ Payments service: interface with payments-gateway (part 1) (devops ⚠️)

.env-devel

@@ -53,17 +53,19 @@ INVITATIONS_USERNAME=admin
 
 LOG_FORMAT_LOCAL_DEV_ENABLED=1
 
+PAYMENTS_ACCESS_TOKEN_EXPIRE_MINUTES=30
+PAYMENTS_ACCESS_TOKEN_SECRET_KEY=2c0411810565e063309be1457009fb39ce023946f6a354e6935107b57676
 PAYMENTS_FAKE_COMPLETION_DELAY_SEC=10
 PAYMENTS_FAKE_COMPLETION=0 # NOTE: this can be 1 ONLY if WEBSERVER_DEV_FEATURES_ENABLED=1
+PAYMENTS_GATEWAY_API_KEY=replace-with-api-key
+PAYMENTS_GATEWAY_API_SECRET=replace-with-api-secret
 PAYMENTS_GATEWAY_URL=http://fake-payment-gateway.com
 PAYMENTS_HOST=payments
 PAYMENTS_LOGLEVEL=INFO
 PAYMENTS_PASSWORD=adminadmin
 PAYMENTS_PORT=8000
-PAYMENTS_SECRET_KEY='REPLACE_ME_with_result__Fernet_generate_key='
 PAYMENTS_USERNAME=admin
 
-
 POSTGRES_DB=simcoredb
 POSTGRES_ENDPOINT=postgres:5432
 POSTGRES_HOST=postgres

Makefile

@@ -319,6 +319,7 @@ printf "$$rows" "Redis" "http://$(get_my_ip).nip.io:18081";\
 printf "$$rows" "Dask Dashboard" "http://$(get_my_ip).nip.io:8787";\
 printf "$$rows" "Docker Registry" "$${REGISTRY_URL}" $${REGISTRY_USER} $${REGISTRY_PW};\
 printf "$$rows" "Invitations" "http://$(get_my_ip).nip.io:8008/dev/doc" $${INVITATIONS_USERNAME} $${INVITATIONS_PASSWORD};\
+printf "$$rows" "Payments" "http://$(get_my_ip).nip.io:8011/dev/doc" $${PAYMENTS_USERNAME} $${PAYMENTS_PASSWORD};\
 printf "$$rows" "Rabbit Dashboard" "http://$(get_my_ip).nip.io:15672" admin adminadmin;\
 printf "$$rows" "Traefik Dashboard" "http://$(get_my_ip).nip.io:8080/dashboard/";\
 printf "$$rows" "Storage S3 Filestash" "http://$(get_my_ip).nip.io:9002" 12345678 12345678;\

packages/models-library/src/models_library/utils/pydantic_tools_extension.py

@@ -1,5 +1,5 @@
 import functools
-from typing import TypeVar
+from typing import Final, TypeVar
 
 from pydantic import Field, ValidationError
 from pydantic.tools import parse_obj_as
@@ -17,4 +17,12 @@ def parse_obj_or_none(type_: type[T], obj) -> T | None:
 #
 # NOTE: Helper to define non-nullable optional fields
 # SEE details in test/test_utils_pydantic_tools_extension.py
-FieldNotRequired = functools.partial(Field, default=None)
+#
+# Two usage styles:
+#
+# class Model(BaseModel):
+#     value: FieldNotRequired(description="some optional field")
+#     other: Field(NOT_REQUIRED, description="alternative")
+#
+NOT_REQUIRED: Final = None
+FieldNotRequired = functools.partial(Field, default=NOT_REQUIRED)

packages/pytest-simcore/src/pytest_simcore/rabbit_service.py

@@ -10,12 +10,12 @@
 import pytest
 import tenacity
 from servicelib.rabbitmq import RabbitMQClient, RabbitMQRPCClient
-from settings_library.basic_types import PortInt
 from settings_library.rabbit import RabbitSettings
 from tenacity.before_sleep import before_sleep_log
 from tenacity.stop import stop_after_attempt
 from tenacity.wait import wait_fixed
 
+from .helpers.typing_env import EnvVarsDict
 from .helpers.utils_docker import get_localhost_ip, get_service_published_port
 
 _logger = logging.getLogger(__name__)
@@ -33,27 +33,30 @@ async def wait_till_rabbit_responsive(url: str) -> None:
 
 
 @pytest.fixture
-async def rabbit_settings(
+def rabbit_env_vars_dict(
     docker_stack: dict,
     testing_environ_vars: dict,
-) -> RabbitSettings:
-    """Returns the settings of a rabbit service that is up and responsive"""
-
+) -> EnvVarsDict:
     prefix = testing_environ_vars["SWARM_STACK_NAME"]
     assert f"{prefix}_rabbit" in docker_stack["services"]
 
     port = get_service_published_port("rabbit", testing_environ_vars["RABBIT_PORT"])
 
-    settings = RabbitSettings(
-        RABBIT_USER=testing_environ_vars["RABBIT_USER"],
-        RABBIT_PASSWORD=testing_environ_vars["RABBIT_PASSWORD"],
-        RABBIT_HOST=get_localhost_ip(),
-        RABBIT_PORT=PortInt(port),
-        RABBIT_SECURE=testing_environ_vars["RABBIT_SECURE"],
-    )
+    return {
+        "RABBIT_USER": testing_environ_vars["RABBIT_USER"],
+        "RABBIT_PASSWORD": testing_environ_vars["RABBIT_PASSWORD"],
+        "RABBIT_HOST": get_localhost_ip(),
+        "RABBIT_PORT": f"{port}",
+        "RABBIT_SECURE": testing_environ_vars["RABBIT_SECURE"],
+    }
 
-    await wait_till_rabbit_responsive(settings.dsn)
 
+@pytest.fixture
+async def rabbit_settings(rabbit_env_vars_dict: EnvVarsDict) -> RabbitSettings:
+    """Returns the settings of a rabbit service that is up and responsive"""
+
+    settings = RabbitSettings.parse_obj(rabbit_env_vars_dict)
+    await wait_till_rabbit_responsive(settings.dsn)
     return settings
 
 

packages/service-library/src/servicelib/rabbitmq/__init__.py

@@ -1,7 +1,11 @@
 from ._client import RabbitMQClient
 from ._client_rpc import RabbitMQRPCClient
 from ._constants import BIND_TO_ALL_TOPICS
-from ._errors import RemoteMethodNotRegisteredError, RPCNotInitializedError
+from ._errors import (
+    RemoteMethodNotRegisteredError,
+    RPCNotInitializedError,
+    RPCServerError,
+)
 from ._models import RPCMethodName, RPCNamespace
 from ._rpc_router import RPCRouter
 from ._utils import wait_till_rabbitmq_responsive
@@ -15,5 +19,8 @@
     "RPCNamespace",
     "RPCNotInitializedError",
     "RPCRouter",
+    "RPCServerError",
     "wait_till_rabbitmq_responsive",
 )
+
+# nopycln: file

packages/service-library/src/servicelib/rabbitmq/_errors.py

@@ -23,6 +23,4 @@ class RemoteMethodNotRegisteredError(BaseRPCError):
 
 
 class RPCServerError(BaseRPCError):
-    msg_template = (
-        "Unhandled error while running method '{exc_type}:{method_name}': '{msg}'"
-    )
+    msg_template = "Raised '{exc_type}' while running '{method_name}' method: {msg}"

packages/service-library/src/servicelib/utils_secrets.py

@@ -13,6 +13,16 @@ def generate_password(length: int = MIN_PASSWORD_LENGTH) -> str:
     return "".join(secrets.choice(_ALPHABET) for _ in range(length))
 
 
+_MIN_SECRET_NUM_BYTES = 32
+
+
+def generate_token_secret_key(nbytes: int = _MIN_SECRET_NUM_BYTES) -> str:
+    """Equivalent to generating a random password with openssl in hex format
+    openssl rand -hex 32
+    """
+    return secrets.token_hex(nbytes)
+
+
 MIN_PASSCODE_LENGTH = 6
 
 
@@ -29,3 +39,8 @@ def generate_passcode(number_of_digits: int = MIN_PASSCODE_LENGTH) -> str:
     number_of_digits = max(number_of_digits, MIN_PASSCODE_LENGTH)
     passcode = secrets.randbelow(10**number_of_digits)
     return f"{passcode}".zfill(number_of_digits)
+
+
+def are_secrets_equal(got: str, expected: str) -> bool:
+    """Constant-time evaluation of 'got == expected'"""
+    return secrets.compare_digest(got.encode("utf8"), expected.encode("utf8"))

packages/service-library/tests/test_utils_secrets.py

@@ -1,13 +1,17 @@
+# pylint: disable=protected-access
 # pylint: disable=redefined-outer-name
+# pylint: disable=too-many-arguments
 # pylint: disable=unused-argument
 # pylint: disable=unused-variable
-# pylint: disable=too-many-arguments
 
 from servicelib.utils_secrets import (
+    _MIN_SECRET_NUM_BYTES,
     MIN_PASSCODE_LENGTH,
     MIN_PASSWORD_LENGTH,
+    are_secrets_equal,
     generate_passcode,
     generate_password,
+    generate_token_secret_key,
 )
 
 
@@ -50,3 +54,14 @@ def test_generate_passcode():
 
     # passcode is a number
     assert int(generate_passcode()) >= 0
+
+
+def test_compare_secrets():
+    passcode = generate_passcode(100)
+    assert not are_secrets_equal(got="foo", expected=passcode)
+    assert are_secrets_equal(got=passcode, expected=passcode)
+
+
+def test_generate_token_secrets():
+    secret_key = generate_token_secret_key()
+    assert len(secret_key) == 2 * _MIN_SECRET_NUM_BYTES

services/docker-compose.yml

@@ -204,12 +204,21 @@ services:
     networks:
       - default
     environment:
-      - PAYMENTS_LOGLEVEL=${LOG_LEVEL:-INFO}
-      - PAYMENTS_SECRET_KEY=${PAYMENTS_SECRET_KEY}
+      - LOG_FORMAT_LOCAL_DEV_ENABLED=${LOG_FORMAT_LOCAL_DEV_ENABLED}
+      - PAYMENTS_ACCESS_TOKEN_EXPIRE_MINUTES=${PAYMENTS_ACCESS_TOKEN_EXPIRE_MINUTES}
+      - PAYMENTS_ACCESS_TOKEN_SECRET_KEY=${PAYMENTS_ACCESS_TOKEN_SECRET_KEY}
+      - PAYMENTS_GATEWAY_API_KEY=${PAYMENTS_GATEWAY_API_KEY}
+      - PAYMENTS_GATEWAY_API_SECRET=${PAYMENTS_GATEWAY_API_SECRET}
       - PAYMENTS_GATEWAY_URL=${PAYMENTS_GATEWAY_URL}
-      - PAYMENTS_USERNAME=${PAYMENTS_USERNAME}
+      - PAYMENTS_LOGLEVEL=${PAYMENTS_LOGLEVEL}
       - PAYMENTS_PASSWORD=${PAYMENTS_PASSWORD}
-      - LOG_FORMAT_LOCAL_DEV_ENABLED=${LOG_FORMAT_LOCAL_DEV_ENABLED}
+      - PAYMENTS_USERNAME=${PAYMENTS_USERNAME}
+      - RABBIT_HOST=${RABBIT_HOST}
+      - RABBIT_PASSWORD=${RABBIT_PASSWORD}
+      - RABBIT_PORT=${RABBIT_PORT}
+      - RABBIT_SECURE=${RABBIT_SECURE}
+      - RABBIT_USER=${RABBIT_USER}
+
 
   resource-usage-tracker:
     image: ${DOCKER_REGISTRY:-itisfoundation}/resource-usage-tracker:${DOCKER_IMAGE_TAG:-latest}

services/payments/Makefile

@@ -10,7 +10,7 @@ include ../../scripts/common-service.Makefile
 
 .PHONY: openapi.json
 openapi-specs: openapi.json
-openapi.json: .env ## produces openapi.json
+openapi.json: ## produces openapi.json
 	# generating openapi specs file (need to have the environment set for this)
 	@set -o allexport; \
 	source .env; \

services/payments/README.md

@@ -1,3 +1,5 @@
 # payments
 
+  ![[doc/payments.drawio.svg]]
+
   - SEE https://github.com/ITISFoundation/osparc-simcore/issues/4657