Forem: Alexander Lavrov The latest articles on Forem by Alexander Lavrov (@egnod). https://forem.com/egnod https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F245393%2F023d7bb7-e1a2-4be6-bdf1-91c78133bc68.jpg Forem: Alexander Lavrov https://forem.com/egnod en How I taught and then wrote a Python tutorial Alexander Lavrov Sun, 05 Sep 2021 18:14:31 +0000 https://forem.com/egnod/how-i-taught-and-then-wrote-a-python-tutorial-4jnl https://forem.com/egnod/how-i-taught-and-then-wrote-a-python-tutorial-4jnl <p>Last year I worked as a teacher in one of the provincial training centers (hereinafter referred to as the TC) specializing in programming training. I will not name this training center, I will also try to do without the names of companies, the names of authors, etc.</p> <p>So, I worked as a teacher in Python and Java. This TC bought methodological materials for Java, and they launched Python when I came and offered it to them.</p> <p>A manual for students (in fact, a textbook or a self-help guide) I wrote on Python, but the teaching of Java and the methodological materials that were used there had no small impact.</p> <p>To say that they were terrible is to say nothing. The modus of the Java textbook, which is supplied by a very well-known company in Russia, was not to teach a person the basics of this language in general and the OOP paradigm in particular, but to make parents who came to open lessons see how their son or daughter copied a snake or chess from the textbook. Why do I say written off? Very simply, the fact is that the textbook provided entire sheets (A4) of code, some points of which were not explained. As a result, the teacher either has to control at what point in the code each student is currently located, explaining each line, or everything slides into cheating.</p> <p>You will say: "Well, what's wrong, let the teacher work better, and chess and the snake are finally cool!"</p> <p>Well, everything would be cool if the number of people in the group was not under 15, and this is already significant if you are going to follow everyone, explaining: "And yet, what are we writing this?"</p> <p>In addition to the number of people in the group, there is another problem associated with this manual. The code is written... how should I tell you, just awful. A set of anti-moderns, archaic, since the textbook has not been updated for a long time, and our favourite, of course, is the style guide. Therefore, even if you control all your wards and can quickly and clearly explain to them what the code being written off means, the code itself is so terrible that it will teach them the wrong thing, to put it mildly.</p> <p>Well, the finale that literally destroys this textbook - from the very beginning there is no at least some adequate introduction explaining what data types are, that they are object and primitive, what criterion checks the property that generates this dichotomy, etc. In the first chapter, you and your students are invited to make (write off) a program that makes a window and writes "Hello!" there, but it does not explain what this code sheet actually means, only links to further classes, for example, "main" is mentioned — the entry point, but the very concept of "entry point"is not even mentioned.</p> <p>To sum up, this waste paper was a meme even among teachers and management. She did not teach the children absolutely nothing, once I came across a group that had been studying for a year on these materials, as a result, they could not even write a cycle, I note that they were all very smart and soon everything was not so bad. Most colleagues tried to deviate from the methodological materials so that the material was absorbed, and not just flew into the air, although there were less conscientious people who considered it normal that their student writes off without any explanations.</p> <p>When it became clear that I would leave the UC, and the Python program should somehow be continued next year, I began to write my textbook. In short, I divided it into two parts, in the first I explained everything about data types, their essence, operations with them and language instructions. Between the topics, I did QnA so that the future teacher could understand how the student learned the topic. Well, in the end, I did a small task-a project. The first part explains the basics of the language in this way and chews them, which is about 12-13 lessons of 30-40 minutes each. In the second part, I have already written about OOP, described how the implementation of this paradigm in Python differs from most others, made many links to the style guide, etc. To summarize — I tried to be as different as possible from what was in the Java tutorial. I recently wrote to the current Python teacher, asked for feedback on the materials, and now I am glad that everything is fine, that the children really understand Python programming.</p> <p>What conclusion I would like to draw from this story: my dear parents, if you decide to send your child to the UC, then carefully monitor what they are doing, that your child is not wasting time in vain, so as not to discourage him from programming in the future.</p> <p>UPD: As you correctly noticed in the comments, I said almost nothing about the submission of the material. I will say right away that I believe that there should be more practice, as much as possible. At the end of each lesson in the first part, I did 4-5 small practical tasks on the topic of the chapter. Between the chapters there were QnA (control lessons), where there were also practical, but already evaluated tasks, as well as at the end of the first part there was a project with a topic to choose from. In the second part, I made an introduction to OOP through the creation of a mini-game console, the development of which was the entire second part and the entire introduction to the paradigm.</p> experience python tutor teaching Sitri = Vault + Pydantic: continuation of the saga, local development. Alexander Lavrov Tue, 15 Dec 2020 21:55:24 +0000 https://forem.com/egnod/sitri-vault-pydantic-continuation-of-the-saga-local-development-27h0 https://forem.com/egnod/sitri-vault-pydantic-continuation-of-the-saga-local-development-27h0 <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--MktND8Xl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://habrastorage.org/webt/y1/ul/v_/y1ulv_0bvlzlcmj1-z9mun6sl58.jpeg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--MktND8Xl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://habrastorage.org/webt/y1/ul/v_/y1ulv_0bvlzlcmj1-z9mun6sl58.jpeg" alt="" width="880" height="587"></a></p> <h1> Background </h1> <p>In the previous article I wrote about how to configure your application using <a href="https://sitri.readthedocs.io/en/latest/">Sitri</a>, however, I missed the point with local development, since you will agree that it is not very convenient deploying a Vault locally, and storing a local config in a common Vault, especially if several people are working on a project, is doubly inconvenient.</p> <p>In <a href="https://sitri.readthedocs.io/en/latest/">Sitri</a> this problem is solved quite simply - using the local mode for your settings classes, that is, you do not even have to rewrite anything or duplicate code, and the structure json file for local mode will almost completely repeat the structure of secrets.</p> <p>So, well, now, let's add literally a couple of lines of code to our <a href="https://github.com/Egnod/article_sitri_vault_pydantic">project</a> + I'll show you how you can work with all this if your project is run locally in docker-compose...</p> <h1> Preparing the code </h1> <p>To begin with, let's agree that local_mode is true when <em>ENV</em> = "local" :) </p> <p>Next, I propose to slightly edit our <em>provider_config.py</em> and create a <em>BaseConfig</em> class there from which we will inherit in our <em>Config</em> settings classes. We will do this in order not to duplicate the code, that is, the settings classes themselves will contain only what is specific to them.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">hvac</span> <span class="kn">from</span> <span class="nn">sitri.providers.contrib.system</span> <span class="kn">import</span> <span class="n">SystemConfigProvider</span> <span class="kn">from</span> <span class="nn">sitri.providers.contrib.vault</span> <span class="kn">import</span> <span class="n">VaultKVConfigProvider</span> <span class="kn">from</span> <span class="nn">sitri.settings.contrib.vault</span> <span class="kn">import</span> <span class="n">VaultKVSettings</span> <span class="n">configurator</span> <span class="o">=</span> <span class="n">SystemConfigProvider</span><span class="p">(</span><span class="n">prefix</span><span class="o">=</span><span class="s">"superapp"</span><span class="p">)</span> <span class="n">ENV</span> <span class="o">=</span> <span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"env"</span><span class="p">)</span> <span class="n">is_local_mode</span> <span class="o">=</span> <span class="n">ENV</span> <span class="o">==</span> <span class="s">"local"</span> <span class="n">local_mode_file_path</span> <span class="o">=</span> <span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"local_mode_file_path"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">vault_client_factory</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="n">hvac</span><span class="p">.</span><span class="n">Client</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="n">hvac</span><span class="p">.</span><span class="n">Client</span><span class="p">(</span><span class="n">url</span><span class="o">=</span><span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"vault_api"</span><span class="p">))</span> <span class="n">client</span><span class="p">.</span><span class="n">auth_approle</span><span class="p">(</span> <span class="n">role_id</span><span class="o">=</span><span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"role_id"</span><span class="p">),</span> <span class="n">secret_id</span><span class="o">=</span><span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"secret_id"</span><span class="p">),</span> <span class="p">)</span> <span class="k">return</span> <span class="n">client</span> <span class="n">provider</span> <span class="o">=</span> <span class="n">VaultKVConfigProvider</span><span class="p">(</span> <span class="n">vault_connector</span><span class="o">=</span><span class="n">vault_client_factory</span><span class="p">,</span> <span class="n">mount_point</span><span class="o">=</span><span class="sa">f</span><span class="s">"</span><span class="si">{</span><span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'app_name'</span><span class="p">)</span><span class="si">}</span><span class="s">/</span><span class="si">{</span><span class="n">ENV</span><span class="si">}</span><span class="s">"</span><span class="p">,</span> <span class="p">)</span> <span class="k">class</span> <span class="nc">BaseConfig</span><span class="p">(</span><span class="n">VaultKVSettings</span><span class="p">.</span><span class="n">VaultKVSettingsConfig</span><span class="p">):</span> <span class="n">provider</span> <span class="o">=</span> <span class="n">provider</span> <span class="n">local_mode</span> <span class="o">=</span> <span class="n">is_local_mode</span> <span class="n">local_provider_args</span> <span class="o">=</span> <span class="p">{</span><span class="s">"json_path"</span><span class="p">:</span> <span class="n">local_mode_file_path</span><span class="p">}</span> </code></pre> </div> <p>A bit about <em>local_provider_args</em> in this field we specify the arguments for creating an instance of <em>JsonConfigProvider</em>, they will be validated and this dictionary must match the schema, so don't worry - this is not some dirty trick. However, if you want to create an instance of the local provider yourself, then you just put it in the optional <em>local_provider</em> field.</p> <p>Now, we can easily inherit the config classes from the base one. For example, a settings class for connecting to Kafka would look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">typing</span> <span class="kn">import</span> <span class="n">Any</span><span class="p">,</span> <span class="n">Dict</span> <span class="kn">from</span> <span class="nn">pydantic</span> <span class="kn">import</span> <span class="n">Field</span> <span class="kn">from</span> <span class="nn">sitri.settings.contrib.vault</span> <span class="kn">import</span> <span class="n">VaultKVSettings</span> <span class="kn">from</span> <span class="nn">superapp.config.provider_config</span> <span class="kn">import</span> <span class="n">BaseConfig</span><span class="p">,</span> <span class="n">configurator</span> <span class="k">class</span> <span class="nc">KafkaSettings</span><span class="p">(</span><span class="n">VaultKVSettings</span><span class="p">):</span> <span class="n">mechanism</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...,</span> <span class="n">vault_secret_key</span><span class="o">=</span><span class="s">"auth_mechanism"</span><span class="p">)</span> <span class="n">brokers</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...)</span> <span class="n">auth_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...)</span> <span class="k">class</span> <span class="nc">Config</span><span class="p">(</span><span class="n">BaseConfig</span><span class="p">):</span> <span class="n">default_secret_path</span> <span class="o">=</span> <span class="s">"kafka"</span> <span class="n">default_mount_point</span> <span class="o">=</span> <span class="sa">f</span><span class="s">"</span><span class="si">{</span><span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'app_name'</span><span class="p">)</span><span class="si">}</span><span class="s">/common"</span> <span class="n">local_mode_path_prefix</span> <span class="o">=</span> <span class="s">"kafka"</span> </code></pre> </div> <p>As you can see, the required changes are minimal. <em>local_mode_path_prefix</em> we specify that the structure of the general config is saved in our json file. Now, let's write this json-file for the local configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"db"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"host"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testhost"</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testpassword"</span><span class="p">,</span><span class="w"> </span><span class="nl">"port"</span><span class="p">:</span><span class="w"> </span><span class="mi">1234</span><span class="p">,</span><span class="w"> </span><span class="nl">"user"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testuser"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"faust"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"agents"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"X"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"concurrency"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="nl">"partitions"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"app_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"superapp-workers"</span><span class="p">,</span><span class="w"> </span><span class="nl">"default_concurrency"</span><span class="p">:</span><span class="w"> </span><span class="mi">5</span><span class="p">,</span><span class="w"> </span><span class="nl">"default_partitions_count"</span><span class="p">:</span><span class="w"> </span><span class="mi">10</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"kafka"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"auth_data"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testpassword"</span><span class="p">,</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testuser"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"brokers"</span><span class="p">:</span><span class="w"> </span><span class="s2">"kafka://test"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mechanism"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SASL_PLAINTEXT"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>... Well, or just copy and paste it from the end of the last article. As you can see, everything is very simple here. For our further research, rename <em>main.py</em> in the root of the project to <em>__main__.py</em> so that you can run the package with a command from docker-compose.</p> <h1> Put the application into the container and enjoy the build </h1> <p>The first thing we should do is write a small Dockerfile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> python:3.8.3-buster</span> <span class="k">ENV</span><span class="s"> PYTHONUNBUFFERED=1 \</span> POETRY_VIRTUALENVS_CREATE=false \ POETRY_VIRTUALENVS_IN_PROJECT=false \ POETRY_NO_INTERACTION=1 <span class="k">RUN </span>pip <span class="nb">install </span>poetry <span class="k">RUN </span><span class="nb">mkdir</span> /superapp/ <span class="k">WORKDIR</span><span class="s"> /superapp/</span> <span class="k">COPY</span><span class="s"> ./pyproject.toml ./poetry.lock /superapp/</span> <span class="k">RUN </span>poetry <span class="nb">install</span> <span class="nt">--no-ansi</span> <span class="k">WORKDIR</span><span class="s"> /</span> </code></pre> </div> <p>Here we just install the dependencies and that's it, since it is for local development, we do not copy the project code.</p> <p>Next, we need an env file with the variables required for local-mode:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>SUPERAPP_ENV=local SUPERAPP_LOCAL_MODE_FILE_PATH=/config.json SUPERAPP_APP_NAME=superapp </code></pre> </div> <p>As you can see, nothing superfluous, no configuration information is needed for Vault, since in local mode, the application will not even try to "knock" on Vault.</p> <p>And the last thing we need to write is the docker-compose.yml file itself:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose config for local development</span> <span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">superapp</span><span class="pi">:</span> <span class="na">command</span><span class="pi">:</span> <span class="s">python3 -m superapp</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./superapp:/superapp</span> <span class="pi">-</span> <span class="s">./config.json:/config.json</span> <span class="na">env_file</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">.env.local</span> </code></pre> </div> <p>Everything is simple here too. We put our json file in the root, as write above in the environment variable for the container.</p> <p>Now, launch:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker-compose up </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Creating article_sitri_vault_pydantic_superapp_1 ... <span class="k">done </span>Attaching to article_sitri_vault_pydantic_superapp_1 superapp_1 | <span class="nv">db</span><span class="o">=</span>DBSettings<span class="o">(</span><span class="nv">user</span><span class="o">=</span><span class="s1">'testuser'</span>, <span class="nv">password</span><span class="o">=</span><span class="s1">'testpassword'</span>, <span class="nv">host</span><span class="o">=</span><span class="s1">'testhost'</span>, <span class="nv">port</span><span class="o">=</span>1234<span class="o">)</span> <span class="nv">faust</span><span class="o">=</span>FaustSettings<span class="o">(</span><span class="nv">app_name</span><span class="o">=</span><span class="s1">'superapp-workers'</span>, <span class="nv">default_partitions_count</span><span class="o">=</span>10, <span class="nv">default_concurrency</span><span class="o">=</span>5, <span class="nv">agents</span><span class="o">={</span><span class="s1">'X'</span>: AgentConfig<span class="o">(</span><span class="nv">partitions</span><span class="o">=</span>5, <span class="nv">concurrency</span><span class="o">=</span>2<span class="o">)})</span> <span class="nv">kafka</span><span class="o">=</span>KafkaSettings<span class="o">(</span><span class="nv">mechanism</span><span class="o">=</span><span class="s1">'SASL_PLAINTEXT'</span>, <span class="nv">brokers</span><span class="o">=</span><span class="s1">'kafka://test'</span>, <span class="nv">auth_data</span><span class="o">={</span><span class="s1">'password'</span>: <span class="s1">'testpassword'</span>, <span class="s1">'username'</span>: <span class="s1">'testuser'</span><span class="o">})</span> superapp_1 | <span class="o">{</span><span class="s1">'db'</span>: <span class="o">{</span><span class="s1">'user'</span>: <span class="s1">'testuser'</span>, <span class="s1">'password'</span>: <span class="s1">'testpassword'</span>, <span class="s1">'host'</span>: <span class="s1">'testhost'</span>, <span class="s1">'port'</span>: 1234<span class="o">}</span>, <span class="s1">'faust'</span>: <span class="o">{</span><span class="s1">'app_name'</span>: <span class="s1">'superapp-workers'</span>, <span class="s1">'default_partitions_count'</span>: 10, <span class="s1">'default_concurrency'</span>: 5, <span class="s1">'agents'</span>: <span class="o">{</span><span class="s1">'X'</span>: <span class="o">{</span><span class="s1">'partitions'</span>: 5, <span class="s1">'concurrency'</span>: 2<span class="o">}}}</span>, <span class="s1">'kafka'</span>: <span class="o">{</span><span class="s1">'mechanism'</span>: <span class="s1">'SASL_PLAINTEXT'</span>, <span class="s1">'brokers'</span>: <span class="s1">'kafka://test'</span>, <span class="s1">'auth_data'</span>: <span class="o">{</span><span class="s1">'password'</span>: <span class="s1">'testpassword'</span>, <span class="s1">'username'</span>: <span class="s1">'testuser'</span><span class="o">}}}</span> </code></pre> </div> <p>As you can see, everything started successfully and the information from our json file successfully passed all checks and became settings for the local version of the application, yuhhu!</p> <p>Code of this "continuation" I put in a separate branch of the repository, so you can take a look at how it all looks after the changes: <a href="https://github.com/Egnod/article_sitri_vault_pydantic/tree/local_mode_example">branch</a></p> python config management vault Pushing Prometheus metrics with pushgateway Alexander Lavrov Fri, 11 Dec 2020 23:13:34 +0000 https://forem.com/egnod/pushing-prometheus-metrics-with-pushgateway-1gpb https://forem.com/egnod/pushing-prometheus-metrics-with-pushgateway-1gpb <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fg60cdrr4ywgbnm1j7d3u.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fg60cdrr4ywgbnm1j7d3u.jpg" alt="Alt Text"></a></p> <h1> Preface </h1> <p>This post is generally about pushing metrics in <a href="https://github.com/prometheus/pushgateway" rel="noopener noreferrer">pushgateway</a>, however, I will warn you and admit right away that the text will contain an example - an anti-pattern of pushing metrics, since using pushgateway <a href="https://prometheus.io/docs/practices/pushing/#should-i-be-using-the-pushgateway" rel="noopener noreferrer">is recommended </a> in the case when the service does not work constantly (or the service/task being started does not have any interface at all), and therefore it is better for prometheus not to constantly knock on closed doors and not do unnecessary work.</p> <h1> Introduction </h1> <p>So, <a href="https://github.com/prometheus/pushgateway" rel="noopener noreferrer">pushgateway</a> is a service where you can push metrics when the standard prometheus pull-model is not applicable (in the preface, I generally described how such a situation can arise). After the metrics have entered the pushgateway, prometheus already picks them up from there, and this implies several restrictions related to pushing metrics, for example, the absence of the <em>up</em> metric, since it is generated by prometheus itself for the polled app instance, and in this case, it is only the pushgateway.</p> <p>p.s. Although, if we talk about the <em>up</em> metric, then it is not needed if you use pushgateway in a <em>recomended</em> way.</p> <h1> Bake Prometheus for poll pushgateway </h1> <p>Let's say we have a compose like this with prometheus and pushgateway:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># ....(тут какие-нибудь графаны и т.д.) </span> <span class="na">prometheus</span><span class="pi">:</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">image</span><span class="pi">:</span> <span class="s">bitnami/prometheus:latest</span> <span class="na">links</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">pushgateway</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./.prom.yml:/opt/bitnami/prometheus/conf/prometheus.yml</span> <span class="na">pushgateway</span><span class="pi">:</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">image</span><span class="pi">:</span> <span class="s">bitnami/pushgateway:latest</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">9091:9091</span> </code></pre> </div> <p>In this case, <em>prom.yml</em> should look something like this to collect data from pushgateway:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">global</span><span class="pi">:</span> <span class="kc">null</span> <span class="na">scrape_interval</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">scrape_timeout</span><span class="pi">:</span> <span class="s">2s</span> <span class="na">evaluation_interval</span><span class="pi">:</span> <span class="s">15s</span> <span class="na">scrape_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">job_name</span><span class="pi">:</span> <span class="s">pushgateway</span> <span class="na">honor_labels</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">static_configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">pushgateway:9091'</span> </code></pre> </div> <p>Everything is quite clear here, they added only honor_lables, which, if briefly resolves conflicts of label names, that is, for example, if your service has a metric with the "X" label and pushgateway has a label "X", then with honor_lables = false you will have label "X" with pushgateway and "exported_X" from your service that pushed metrics to pushgateway, and if true, only your service labels will be displayed (again, if there is a conflict).</p> <p>p.s. Pushgateway security - docs recommends by default, for example, to use basic_auth. </p> <h1> Push metrics </h1> <p>I could give a beautiful example that corresponds to normal practice, however, I thought and decided that they hadn't given me any disrespect for a long time, therefore there will be an example of pushing metrics due to the fact that the service_discovery setting is absent (in production, of course, it is impossible).</p> <p>So, let's say we have workers <a href="https://faust.readthedocs.io/en/latest/" rel="noopener noreferrer">Faust</a> there are a lot of them and they are not in the cluster (there is no swarm, no k8s), there are also no consul and other <a href="https://prometheus.io/docs/prometheus/latest/configuration/configuration/#configuration-file" rel="noopener noreferrer"> ways</a> in which prometheus is able, they just run quietly in docker-compose and multiply with the scale argument.</p> <p>More horror and sedition, in addition to pushing metrics, can be done by raging ports, for example, like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">9100-9200:6066"</span> </code></pre> </div> <p>And write targets with the whole set of ports into the prometheus config.</p> <p>Let's continue through the code. For metrics from workers, you can use an already <a href="https://github.com/trallnag/prometheus-fastapi-instrumentator" rel="noopener noreferrer">ready library</a>. All we will do in this case is write a small timer in order to send metrics using the standard push_to_gateway function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">push_metrics</span><span class="p">():</span> <span class="k">def</span> <span class="nf">auth_handler</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="n">method</span><span class="p">,</span> <span class="n">timeout</span><span class="p">,</span> <span class="n">headers</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="k">return</span> <span class="nf">basic_auth_handler</span><span class="p">(</span><span class="n">url</span><span class="p">,</span> <span class="n">method</span><span class="p">,</span> <span class="n">timeout</span><span class="p">,</span> <span class="n">headers</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="n">PUSHGATEWAY_USERNAME</span><span class="p">,</span> <span class="n">PUSHGATEWAY_PASSWORD</span><span class="p">)</span> <span class="nf">push_to_gateway</span><span class="p">(</span><span class="n">PUSHGATEWAY_URI</span><span class="p">,</span> <span class="n">job</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">WORKERS_APP_NAME</span><span class="si">}</span><span class="s">-</span><span class="si">{</span><span class="n">ENV</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">registry</span><span class="o">=</span><span class="n">registry_metrics</span><span class="p">,</span> <span class="n">handler</span><span class="o">=</span><span class="n">auth_handler</span><span class="p">)</span> <span class="nd">@app.timer</span><span class="p">(</span><span class="n">interval</span><span class="o">=</span><span class="n">PUSH_METRICS_INTERVAL</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">push_metrics_cron</span><span class="p">():</span> <span class="k">await</span> <span class="nf">push_metrics</span><span class="p">()</span> </code></pre> </div> <p>As you can see, everything is quite simple here - we specify the job name (with a pool of metrics - this is done in the prometheus config), substitute the handler for authentication and specify the registry from which the metrics will be pushed. Well, that's all, we launch and when we open the pushgateway of the web-panel, we see that the metrics have been loaded at an interval, then the previously configured prometheus will take them from there.</p> <h1> Afterword </h1> <p>I decided to write a note, since I encountered a similar one in my work, I will say right away that the method from the example will not go to production, however, as using pushgateway in the absence of a service discovery, for testing it can come off.</p> python prometheus monitoring analytics Sitri = Vault+Pydantic: configuration with clear structure and validation Alexander Lavrov Thu, 10 Dec 2020 18:04:11 +0000 https://forem.com/egnod/configuring-the-service-using-vault-and-pedantic-2d91 https://forem.com/egnod/configuring-the-service-using-vault-and-pedantic-2d91 <h1> Introduction </h1> <p>In this article, I will talk about the configuration for your services using the Vault (KV and so far only the first version, i.e. without versioning secrets) and Pydantic (Settings) under the patronage of <a href="https://github.com/LemegetonX/sitri">Sitri</a>.</p> <p>So, let's say that we have a <em>superapp</em> service with configs set up in Vault and authentication using AppRole, we'll set it up like this (I'll leave the policies setting for access to secret engines and the secrets themselves behind the scenes, since this is quite simple and the article is not about this):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Key Value --- ----- bind_secret_id true local_secret_ids false policies [superapp_service] secret_id_bound_cidrs &lt;nil&gt; secret_id_num_uses 0 secret_id_ttl 0s token_bound_cidrs [] token_explicit_max_ttl 0s token_max_ttl 30m token_no_default_policy false token_num_uses 50 token_period 0s token_policies [superapp_service] token_ttl 20m token_type default </code></pre> </div> <p><em>Note:</em> naturally, if you have the opportunity and the application goes into production mode, then secret_id_ttl is better to do not infinite, setting 0 seconds.</p> <p><em>Superapp</em> requires configuration of database connection, the connection to kafka and <a href="http://faust.readthedocs.io">faust</a> configuration for cluster of workers.</p> <p>At the end, we should have this structure of our test-project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>super_app ├── config │ ├── __init__.py │ ├── provider_config.py │ ├── faust_settings.py │ ├── app_settings.py │ ├── kafka_settings.py │ └── database_settings.py ├── __init__.py └── main.py </code></pre> </div> <h1> Bake Sitri provider </h1> <p>Basic library documentation has <a href="https://sitri.readthedocs.io/en/latest/advanced_usage.html#vault-kv-setting-example">a simple example</a>, configuration via the vault provider, however, it does not cover all the features and can be useful if your application is configured easily enough.</p> <p>So, first of all, let's configure the vault provider in a file <em>provider_config.py</em>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">hvac</span> <span class="kn">from</span> <span class="nn">sitri.providers.contrib.vault</span> <span class="kn">import</span> <span class="n">VaultKVConfigProvider</span> <span class="kn">from</span> <span class="nn">sitri.providers.contrib.system</span> <span class="kn">import</span> <span class="n">SystemConfigProvider</span> <span class="n">configurator</span> <span class="o">=</span> <span class="n">SystemConfigProvider</span><span class="p">(</span><span class="n">prefix</span><span class="o">=</span><span class="s">"superapp"</span><span class="p">)</span> <span class="n">ENV</span> <span class="o">=</span> <span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"env"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">vault_client_factory</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="n">hvac</span><span class="p">.</span><span class="n">Client</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="n">hvac</span><span class="p">.</span><span class="n">Client</span><span class="p">(</span><span class="n">url</span><span class="o">=</span><span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"vault_api"</span><span class="p">))</span> <span class="n">client</span><span class="p">.</span><span class="n">auth_approle</span><span class="p">(</span> <span class="n">role_id</span><span class="o">=</span><span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"role_id"</span><span class="p">),</span> <span class="n">secret_id</span><span class="o">=</span><span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">"secret_id"</span><span class="p">),</span> <span class="p">)</span> <span class="k">return</span> <span class="n">client</span> <span class="n">provider</span> <span class="o">=</span> <span class="n">VaultKVConfigProvider</span><span class="p">(</span> <span class="n">vault_connector</span><span class="o">=</span><span class="n">vault_client_factory</span><span class="p">,</span> <span class="n">mount_point</span><span class="o">=</span><span class="sa">f</span><span class="s">"</span><span class="si">{</span><span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'app_name'</span><span class="p">)</span><span class="si">}</span><span class="s">/</span><span class="si">{</span><span class="n">ENV</span><span class="si">}</span><span class="s">"</span> <span class="p">)</span> </code></pre> </div> <p>In this code, we get variables from the environment using the system provider to configure the connection to vault, i.e. the following variables must be exported initially:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">SUPERAPP_ENV</span><span class="o">=</span>dev <span class="nb">export </span><span class="nv">SUPERAPP_APP_NAME</span><span class="o">=</span>superapp <span class="nb">export </span><span class="nv">SUPERAPP_VAULT_API</span><span class="o">=</span>https://your-vault-host.domain <span class="nb">export </span><span class="nv">SUPERAPP_ROLE_ID</span><span class="o">=</span>&lt;YOUR_ROLE_ID&gt; <span class="nb">export </span><span class="nv">SUPERAPP_SECRET_ID</span><span class="o">=</span>&lt;YOUR_SECRET_ID&gt; </code></pre> </div> <p>The example assumes that the base mount_point to your secrets for a specific environment will contain the application name and the environment name, which is why we exported <em>SUPERAPP_ENV</em>. We will define the path to the secrets of individual parts of the application in the settings classes later, so we leave it empty in the <em>secret_path</em> vault provider argument.</p> <h1> Settings classes </h1> <h2> DBSetting - database connection </h2> <p>To create the settings class, we must use VaultKVSettings as the base class.</p> <p>File <em>database_settings.py</em>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">pydantic</span> <span class="kn">import</span> <span class="n">Field</span> <span class="kn">from</span> <span class="nn">sitri.settings.contrib.vault</span> <span class="kn">import</span> <span class="n">VaultKVSettings</span> <span class="kn">from</span> <span class="nn">superapp.config.provider_config</span> <span class="kn">import</span> <span class="n">provider</span> <span class="k">class</span> <span class="nc">DBSettings</span><span class="p">(</span><span class="n">VaultKVSettings</span><span class="p">):</span> <span class="n">user</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...,</span> <span class="n">vault_secret_key</span><span class="o">=</span><span class="s">"username"</span><span class="p">)</span> <span class="n">password</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...)</span> <span class="n">host</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...)</span> <span class="n">port</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...)</span> <span class="k">class</span> <span class="nc">Config</span><span class="p">:</span> <span class="n">provider</span> <span class="o">=</span> <span class="n">provider</span> <span class="n">default_secret_path</span> <span class="o">=</span> <span class="s">"db"</span> </code></pre> </div> <p>As you can see, config data for the database connection is quite simple. This class will by default look at the secret <em>superapp/dev/db</em>, as we specified in the <em>Config</em> class. At first glance these are simple <em>pydantic.Field</em>, but they all have an extra argument <em>vault_secret_key</em> - it is needed when the key in the secret does not match the name (alias) of the pydantic field in our class, if <em>vault_secret_key</em> is not specified, the provider will search for the key by the field alias.</p> <p>For example, in our <em>superapp</em>, it is assumed that the <em>superapp/dev/db</em> secret has the "password" and "username" keys, but we want the latter to be placed in the "user" field for convenience and brevity.</p> <p>Let's put the following data in the above secret:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"host"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testhost"</span><span class="p">,</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testpassword"</span><span class="p">,</span><span class="w"> </span><span class="nl">"port"</span><span class="p">:</span><span class="w"> </span><span class="s2">"1234"</span><span class="p">,</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testuser"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Now, if we run this code, we will get our secret from vault with our <em>DBSettings</em> class:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">superapp.config.database_settings</span> <span class="kn">import</span> <span class="n">DBSettings</span> <span class="n">db_settings</span> <span class="o">=</span> <span class="n">DBSettings</span><span class="p">()</span> <span class="n">pprint</span><span class="p">(</span><span class="n">db_settings</span><span class="p">.</span><span class="nb">dict</span><span class="p">())</span> <span class="c1"># -&gt; # { # "host": "testhost", # "password": "testpassword", # "port": 1234, # "user": "testuser" # } </span></code></pre> </div> <h2> KafkaSettings - connection to brokers </h2> <p>File <em>kafka_settings.py</em>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">typing</span> <span class="kn">import</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">Any</span> <span class="kn">from</span> <span class="nn">pydantic</span> <span class="kn">import</span> <span class="n">Field</span> <span class="kn">from</span> <span class="nn">sitri.settings.contrib.vault</span> <span class="kn">import</span> <span class="n">VaultKVSettings</span> <span class="kn">from</span> <span class="nn">superapp.config.provider_config</span> <span class="kn">import</span> <span class="n">provider</span><span class="p">,</span> <span class="n">configurator</span> <span class="k">class</span> <span class="nc">KafkaSettings</span><span class="p">(</span><span class="n">VaultKVSettings</span><span class="p">):</span> <span class="n">auth_mechanism</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...)</span> <span class="n">brokers</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...)</span> <span class="n">auth_data</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...)</span> <span class="k">class</span> <span class="nc">Config</span><span class="p">:</span> <span class="n">provider</span> <span class="o">=</span> <span class="n">provider</span> <span class="n">default_secret_path</span> <span class="o">=</span> <span class="s">"kafka"</span> <span class="n">default_mount_point</span> <span class="o">=</span> <span class="sa">f</span><span class="s">"</span><span class="si">{</span><span class="n">configurator</span><span class="p">.</span><span class="n">get</span><span class="p">(</span><span class="s">'app_name'</span><span class="p">)</span><span class="si">}</span><span class="s">/common"</span> </code></pre> </div> <p>In this case, let's imagine that there is one kafka instance for different environments of our service, so the secret is stored along the path <em>superapp/common/kafka</em>:</p> <p><em>Note:</em> You can also set secret_path or/and mount_point at the field level so that the provider requests specific values from different secrets (if required). Here is a quote with prioritization of the secret path and mount point from the <a href="https://sitri.readthedocs.io/en/latest/advanced_usage.html#vault-settings-configurators">documentation</a>:</p> <blockquote> <p>Secret path prioritization:</p> <ol> <li> vault_secret_path (Field arg)</li> <li> default_secret_path (Config class field)</li> <li> secret_path (provider initialization optional arg)</li> </ol> <p>Mount point prioritization:</p> <ol> <li> vault_mount_point (Field arg)</li> <li> default_mount_point (Config class field)</li> <li> mount_point (provider initialization optional arg) </li> </ol> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"auth_data"</span><span class="p">:</span><span class="w"> </span><span class="s2">"{</span><span class="se">\"</span><span class="s2">password</span><span class="se">\"</span><span class="s2">: </span><span class="se">\"</span><span class="s2">testpassword</span><span class="se">\"</span><span class="s2">, </span><span class="se">\"</span><span class="s2">username</span><span class="se">\"</span><span class="s2">: </span><span class="se">\"</span><span class="s2">testuser</span><span class="se">\"</span><span class="s2">}"</span><span class="p">,</span><span class="w"> </span><span class="nl">"auth_mechanism"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SASL_PLAINTEXT"</span><span class="p">,</span><span class="w"> </span><span class="nl">"brokers"</span><span class="p">:</span><span class="w"> </span><span class="s2">"kafka://test"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Or<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"auth_data"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"password"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testpassword"</span><span class="p">,</span><span class="w"> </span><span class="nl">"username"</span><span class="p">:</span><span class="w"> </span><span class="s2">"testuser"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"brokers"</span><span class="p">:</span><span class="w"> </span><span class="s2">"kafka://test"</span><span class="p">,</span><span class="w"> </span><span class="nl">"auth_mechanism"</span><span class="p">:</span><span class="w"> </span><span class="s2">"SASL_PLAINTEXT"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><em>Note:</em> VaultKVSettings can understand both json and Dict itself.</p> <p>As a result, this class of settings will be able to collect data from the secret like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">{</span> <span class="s">"auth_data"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"password"</span><span class="p">:</span> <span class="s">"testpassword"</span><span class="p">,</span> <span class="s">"username"</span><span class="p">:</span> <span class="s">"testuser"</span> <span class="p">},</span> <span class="s">"brokers"</span><span class="p">:</span> <span class="s">"kafka://test"</span><span class="p">,</span> <span class="s">"auth_mechanism"</span><span class="p">:</span> <span class="s">"SASL_PLAINTEXT"</span> <span class="p">}</span> </code></pre> </div> <h2> FaustSettings - global configure faust and individual agents </h2> <p>File <em>faust_settings.py</em>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">typing</span> <span class="kn">import</span> <span class="n">Dict</span> <span class="kn">from</span> <span class="nn">pydantic</span> <span class="kn">import</span> <span class="n">Field</span><span class="p">,</span> <span class="n">BaseModel</span> <span class="kn">from</span> <span class="nn">sitri.settings.contrib.vault</span> <span class="kn">import</span> <span class="n">VaultKVSettings</span> <span class="kn">from</span> <span class="nn">superapp.config.provider_config</span> <span class="kn">import</span> <span class="n">provider</span> <span class="k">class</span> <span class="nc">AgentConfig</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">partitions</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...)</span> <span class="n">concurrency</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...)</span> <span class="k">class</span> <span class="nc">FaustSettings</span><span class="p">(</span><span class="n">VaultKVSettings</span><span class="p">):</span> <span class="n">app_name</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...)</span> <span class="n">default_partitions_count</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...,</span> <span class="n">vault_secret_key</span><span class="o">=</span><span class="s">"partitions_count"</span><span class="p">)</span> <span class="n">default_concurrency</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(...,</span> <span class="n">vault_secret_key</span><span class="o">=</span><span class="s">"agent_concurrency"</span><span class="p">)</span> <span class="n">agents</span><span class="p">:</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">AgentConfig</span><span class="p">]</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(</span><span class="n">default</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">vault_secret_key</span><span class="o">=</span><span class="s">"agents_specification"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Config</span><span class="p">:</span> <span class="n">provider</span> <span class="o">=</span> <span class="n">provider</span> <span class="n">default_secret_path</span> <span class="o">=</span> <span class="s">"faust"</span> </code></pre> </div> <p>Secret <em>superapp/dev/faust</em>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"agent_concurrency"</span><span class="p">:</span><span class="w"> </span><span class="s2">"5"</span><span class="p">,</span><span class="w"> </span><span class="nl">"app_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"superapp-workers"</span><span class="p">,</span><span class="w"> </span><span class="nl">"partitions_count"</span><span class="p">:</span><span class="w"> </span><span class="s2">"10"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>If our secret is written as indicated above, then individual agents will take information about the number of partitions in their topics and concurrency from the default fields.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">{</span> <span class="s">"agents"</span><span class="p">:</span> <span class="bp">None</span><span class="p">,</span> <span class="s">"app_name"</span><span class="p">:</span> <span class="s">"superapp-workers"</span><span class="p">,</span> <span class="s">"default_concurrency"</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="s">"default_partitions_count"</span><span class="p">:</span> <span class="mi">10</span> <span class="p">}</span> </code></pre> </div> <p>However, with the help of the <em>AgentConfig</em> model, we can set individual values for a specific agent. For example, if we have agent <em>X</em> with 5 partitions and concurrency 2, then we can change our secret so that information about this agent is in the "agents" field.</p> <p>Secret <em>superapp/dev/faust</em>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"agent_concurrency"</span><span class="p">:</span><span class="w"> </span><span class="s2">"5"</span><span class="p">,</span><span class="w"> </span><span class="nl">"agents_specification"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"X"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"concurrency"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2"</span><span class="p">,</span><span class="w"> </span><span class="nl">"partitions"</span><span class="p">:</span><span class="w"> </span><span class="s2">"5"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"app_name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"superapp-workers"</span><span class="p">,</span><span class="w"> </span><span class="nl">"partitions_count"</span><span class="p">:</span><span class="w"> </span><span class="s2">"10"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>If we initialize our settings now, we will receive, in addition to the default fields, also the configuration for a specific agent:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">{</span> <span class="s">"agents"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"X"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"concurrency"</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="s">"partitions"</span><span class="p">:</span> <span class="mi">5</span> <span class="p">}</span> <span class="p">},</span> <span class="s">"app_name"</span><span class="p">:</span> <span class="s">"superapp-workers"</span><span class="p">,</span> <span class="s">"default_concurrency"</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="s">"default_partitions_count"</span><span class="p">:</span> <span class="mi">10</span> <span class="p">}</span> </code></pre> </div> <h2> Combine the settings classes into a single configuration model </h2> <p>To make our configs even more convenient to use, let's combine all our settings classes into one model by applying the default_factory:</p> <p>File <em>app_settings.py</em>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span><span class="p">,</span> <span class="n">Field</span> <span class="kn">from</span> <span class="nn">superapp.config.database_settings</span> <span class="kn">import</span> <span class="n">DBSettings</span> <span class="kn">from</span> <span class="nn">superapp.config.faust_settings</span> <span class="kn">import</span> <span class="n">FaustSettings</span> <span class="kn">from</span> <span class="nn">superapp.config.kafka_settings</span> <span class="kn">import</span> <span class="n">KafkaSettings</span> <span class="k">class</span> <span class="nc">AppSettings</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">db</span><span class="p">:</span> <span class="n">DBSettings</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(</span><span class="n">default_factory</span><span class="o">=</span><span class="n">DBSettings</span><span class="p">)</span> <span class="n">faust</span><span class="p">:</span> <span class="n">FaustSettings</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(</span><span class="n">default_factory</span><span class="o">=</span><span class="n">FaustSettings</span><span class="p">)</span> <span class="n">kafka</span><span class="p">:</span> <span class="n">KafkaSettings</span> <span class="o">=</span> <span class="n">Field</span><span class="p">(</span><span class="n">default_factory</span><span class="o">=</span><span class="n">KafkaSettings</span><span class="p">)</span> </code></pre> </div> <p>Now, let's go to the <em>main.py</em> file and test the collection of complete configuration data for our application:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">superapp.config</span> <span class="kn">import</span> <span class="n">AppSettings</span> <span class="n">config</span> <span class="o">=</span> <span class="n">AppSettings</span><span class="p">()</span> <span class="k">print</span><span class="p">(</span><span class="n">config</span><span class="p">)</span> <span class="k">print</span><span class="p">(</span><span class="n">config</span><span class="p">.</span><span class="nb">dict</span><span class="p">())</span> </code></pre> </div> <p>We get the output of application configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">db</span><span class="o">=</span><span class="n">DBSettings</span><span class="p">(</span><span class="n">user</span><span class="o">=</span><span class="s">'testuser'</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="s">'testpassword'</span><span class="p">,</span> <span class="n">host</span><span class="o">=</span><span class="s">'testhost'</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">1234</span><span class="p">)</span> <span class="n">faust</span><span class="o">=</span><span class="n">FaustSettings</span><span class="p">(</span><span class="n">app_name</span><span class="o">=</span><span class="s">'superapp-workers'</span><span class="p">,</span> <span class="n">default_partitions_count</span><span class="o">=</span><span class="mi">10</span><span class="p">,</span> <span class="n">default_concurrency</span><span class="o">=</span><span class="mi">5</span><span class="p">,</span> <span class="n">agents</span><span class="o">=</span><span class="p">{</span><span class="s">'X'</span><span class="p">:</span> <span class="n">AgentConfig</span><span class="p">(</span><span class="n">partitions</span><span class="o">=</span><span class="mi">5</span><span class="p">,</span> <span class="n">concurrency</span><span class="o">=</span><span class="mi">2</span><span class="p">)})</span> <span class="n">kafka</span><span class="o">=</span><span class="n">KafkaSettings</span><span class="p">(</span><span class="n">auth_mechanism</span><span class="o">=</span><span class="s">'SASL_PLAINTEXT'</span><span class="p">,</span> <span class="n">brokers</span><span class="o">=</span><span class="s">'kafka://test'</span><span class="p">,</span> <span class="n">auth_data</span><span class="o">=</span><span class="p">{</span><span class="s">'password'</span><span class="p">:</span> <span class="s">'testpassword'</span><span class="p">,</span> <span class="s">'username'</span><span class="p">:</span> <span class="s">'testuser'</span><span class="p">})</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="p">{</span> <span class="s">"db"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"host"</span><span class="p">:</span> <span class="s">"testhost"</span><span class="p">,</span> <span class="s">"password"</span><span class="p">:</span> <span class="s">"testpassword"</span><span class="p">,</span> <span class="s">"port"</span><span class="p">:</span> <span class="mi">1234</span><span class="p">,</span> <span class="s">"user"</span><span class="p">:</span> <span class="s">"testuser"</span> <span class="p">},</span> <span class="s">"faust"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"agents"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"X"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"concurrency"</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="s">"partitions"</span><span class="p">:</span> <span class="mi">5</span> <span class="p">}</span> <span class="p">},</span> <span class="s">"app_name"</span><span class="p">:</span> <span class="s">"superapp-workers"</span><span class="p">,</span> <span class="s">"default_concurrency"</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="s">"default_partitions_count"</span><span class="p">:</span> <span class="mi">10</span> <span class="p">},</span> <span class="s">"kafka"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"auth_data"</span><span class="p">:</span> <span class="p">{</span> <span class="s">"password"</span><span class="p">:</span> <span class="s">"testpassword"</span><span class="p">,</span> <span class="s">"username"</span><span class="p">:</span> <span class="s">"testuser"</span> <span class="p">},</span> <span class="s">"brokers"</span><span class="p">:</span> <span class="s">"kafka://test"</span><span class="p">,</span> <span class="s">"auth_mechanism"</span><span class="p">:</span> <span class="s">"SASL_PLAINTEXT"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Happiness, joy, delight!</p> <h1> Afterword </h1> <p>As you can see, the configuring is quite simple with Sitri, after it we get a clear configuration scheme with the required data types for the values, even if they were stored in strings in the vault by default.</p> <p>Write comments about lib, code or general impressions. I will be glad to any feedback!</p> <p>P.S. <a href="https://github.com/Egnod/article_sitri_vault_pydantic">I have uploaded the code from the article to github</a></p> python vault pydantic configmanagment