add mypy checking; change TunnelState enum repr

micro-nova · Jun 4, 2024 · 04d67e2 · 04d67e2
1 parent 103e451
commit 04d67e2
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 16 deletions.
diff --git a/.github/workflows/mypy.yml b/.github/workflows/mypy.yml
@@ -0,0 +1,14 @@
+name: mypy
+on: 
+  pull_request:
+  push:
+    branches:
+      - main
+jobs:
+  mypy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - run: pip install -r requirements.txt
+      - run: pip install mypy
+      - run: mypy --install-types --non-interactive --explicit-package-bases --disable-error-code import-untyped .
diff --git a/admin/cli.py b/admin/cli.py
@@ -203,7 +203,7 @@ def gc(c):
         t = get_tunnel(tunnel_id)
         if not t or t['state'] in [TunnelState.completed, TunnelState.timedout]:
             print(
-                f"tunnel {tunnel_id} may have running resources. destroying {n.id}")
+                f"tunnel {tunnel_id} may have running resources. destroying instance id {n.id}")
             destroy_ts_resources(tunnel_id)
 
 

diff --git a/admin/cloud.py b/admin/cloud.py
@@ -60,9 +60,9 @@ def _create_ts_network_interfaces() -> list[compute_v1.NetworkInterface]:
     netiface.network = f"global/networks/support-tunnel-{ENV}"
     netiface.subnetwork = f"regions/{REGION}/subnetworks/ts-{ENV}"
     access = compute_v1.AccessConfig()
-    access.type_ = compute_v1.AccessConfig.Type.ONE_TO_ONE_NAT.name
+    access.type_ = "ONE_TO_ONE_NAT"
     access.name = "External NAT"
-    access.network_tier = access.NetworkTier.PREMIUM.name
+    access.network_tier = "PREMIUM"
     netiface.access_configs = [access]
     return [netiface]
 

diff --git a/api/models.py b/api/models.py
@@ -25,7 +25,7 @@ class Tunnel(SQLModel, table=True):
     """
     id: Optional[int] = Field(default=None, primary_key=True)
     tunnel_id: UUID4
-    state: TunnelState = Field(default='pending')
+    state: TunnelState = Field(default=TunnelState.pending)
     # used for storing case #, customer details, etc
     description: Optional[str]
     created_at: datetime.datetime = Field(

diff --git a/common/crypto.py b/common/crypto.py
@@ -10,8 +10,8 @@ def create_secret_box(priv: str, pub: str, json_str: str) -> EncryptedMessage:
     """ Creates a secret box given base64 encoded priv and pub keys, and 
         a string of hopefully json.
     """
-    private_key = PrivateKey(priv, encoder=Base64Encoder)
-    public_key = PublicKey(pub, encoder=Base64Encoder)
+    private_key = PrivateKey(priv.encode('ascii'), encoder=Base64Encoder)
+    public_key = PublicKey(pub.encode('ascii'), encoder=Base64Encoder)
     box = Box(private_key, public_key)
     secret_box = box.encrypt(json_str.encode(
         encoding='ascii'), encoder=Base64Encoder)
@@ -20,9 +20,9 @@ def create_secret_box(priv: str, pub: str, json_str: str) -> EncryptedMessage:
 
 def open_secret_box(priv: str, pub: str, box: str) -> SupportSecretBoxContents:
     """ Opens a secret box, given base64 encoded priv and pub keys. """
-    private_key = PrivateKey(priv, encoder=Base64Encoder)
-    public_key = PublicKey(pub, encoder=Base64Encoder)
+    private_key = PrivateKey(priv.encode('ascii'), encoder=Base64Encoder)
+    public_key = PublicKey(pub.encode('ascii'), encoder=Base64Encoder)
     b = Box(private_key, public_key)
-    secret_box_str = b.decrypt(box, encoder=Base64Encoder).decode('utf-8')
+    secret_box_str = b.decrypt(box.encode('ascii'), encoder=Base64Encoder).decode('utf-8')
     secret_box_dict = json.loads(secret_box_str)
     return SupportSecretBoxContents(**secret_box_dict)
diff --git a/common/models.py b/common/models.py
@@ -10,13 +10,17 @@
 from wireguard_tools import WireguardConfig, WireguardKey
 
 
-class TunnelState(str, Enum):
-    pending = 'pending'  # waiting on admin approval
-    started = 'started'  # tunnel server has launched, waiting for device to connect
-    running = 'running'  # device has started a tunnel, created a user and posted these details
-    connected = 'connected'  # communications are occurring; TODO: is this necessary?
-    completed = 'completed'  # exited successfully
-    timedout = 'timedout'  # the tunnel exceeded its maximum lifetime
+class TunnelState(int, Enum):
+    """ Describes a tunnel state. Behind the scenes, this is represented with integers;
+        this permits us to ensure we never move backwards in this process with simple
+        greater than/less than comparisons.
+    """
+    pending = 10  # waiting on admin approval
+    started = 20  # tunnel server has launched, waiting for device to connect
+    running = 30  # device has started a tunnel, created a user and posted these details
+    connected = 40  # communications are occurring; TODO: actually set & use this state
+    completed = 50  # exited successfully
+    timedout = 60  # the tunnel exceeded its maximum lifetime
 
 
 class WireguardPeer(SQLModel):

diff --git a/device/cli.py b/device/cli.py
@@ -204,6 +204,7 @@ def connect(original_context, tunnel_id: UUID4):
             sesh.commit()
 
             assert t1.ts_wg_public_key
+            assert t1.support_secret_box
             # configure user from secretbox data
             sb = open_secret_box(
                 t1.device_wg_private_key,
@@ -308,6 +309,16 @@ def detail_all_tunnels(c):
         print(json.dumps(tunnels))
 
 
+def update_local_tunnel_statuses():
+    """ Updates local tunnel statuses from upstream
+    TODO: implement this
+    with Session(engine) as sesh:
+        t = get_device_tunnel(tunnel_id, sesh)
+        tunnel_details = get_tunnel_details(t)
+    """
+    pass
+
+
 @task
 def gc(c):
     """ Garbage collects all resources associated with old tunnels. """