code polish and README update

Janez Justin · Janez Justin · commit 25858d2fdee1 · 2017-08-14T10:18:33.000+02:00
diff --git a/rpm/Makefile b/rpm/Makefile
@@ -1,10 +1,23 @@
-ZIPPED			:= s3rpm.py gnupg.py pyrpm/* pyrpm/tools/*
+ZIPPED_FILES := s3rpm.py requirements/gnupg.py # files to compress in root of zip
+ZIPPED_DIR   := pyrpm # folders from requirements folder to compress to root of zip
 
+all: requires test package
 
-set: requires package
+help: ## displays this message
+	@grep -E '^[a-zA-Z_/%\-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
 
-requires:
-	pip3 install -t . -r requirements.txt --upgrade
-	
-package:
-	zip code.zip $(ZIPPED)
+requires: ## installs required packages
+	pip3 install -t ./requirements -r requirements.txt
+
+package: ## creates zip of code
+	zip -j code.zip $(ZIPPED_FILES)
+	cd requirements && zip -r ../code.zip $(ZIPPED_DIR)
+
+clean: ## cleans up the repository
+	/bin/rm -rf code.zip
+	/bin/rm -rf ./requirements
+
+test: ## runs the tests
+	cp s3rpm_test.py requirements
+	cp s3rpm.py requirements
+	cd requirements && python3.6 s3rpm_test.py
diff --git a/rpm/README.md b/rpm/README.md
@@ -2,36 +2,68 @@
 
 Automatic YUM repository building inside S3 bucket using with lambda support
 
-## Setting up S3 and Lambda
-
-Clone the repo and get all other required files
+## Readme contents
+
+* [Setting up code, S3 and Lambda](#setting-up-code-s3-and-lambda)
+    * [Getting the code](#getting-the-code)
+    * [GPG key](#gpg-key)
+    * [Environmental variables](#environmental-variables)
+    * [Set up role](#set-up-role)
+    * [Set up lambda with CLI](#set-up-lambda-with-cli)
+    * [Set up lambda manually](#set-up-lambda-manually)
+    * [The triggers](#the-triggers)
+    * [Set up S3](#set-up-s3)
+* [Setting up yum](#setting-up-yum)
+    * [First time set up](#first-time-set-up)
+    * [Install/update](#installupdate)
+* [Notes](#notes)
+* [Tests](#tests)
+
+## Setting up code, S3 and Lambda
+
+### Getting the code
+Clone the repo, get all other required files and compress them
 ```
 git clone https://github.com/tactycal/lambdaRepos.git
 cd lambdaRepos/rpm
-pip3 install -t . -r requirements.txt
+make all
 ```
 
-Compress all needed files
+### GPG key
+create your gpg key (skip to exporting your key, if you already have it)
 ```
-zip code.zip s3rpm.py gnupg.py pyrpm/* pyrpm/tools/*
+gpg --gen-key
+# Follow the instructions
+# Create 'RSA and RSA' key - option 1
+# For maxium encryption it is recommended to make 4096 bits long key
+# Key should not expire
 ```
 
-Or just use `make set` instead of `zip` and `pip3` command
+export your key
 
-Presuming you already have GPG key generated export secret key (you can skip this part if you don't want to GPG sign your repository)
 ```
-gpg -a --export-secret-key > secret.key
+gpg --export-secret-key -a "User Name" > secret.key  # exports secret key to secret.key
 ```
 
-Create new lambda function, set handler to **s3rpm.lambda_handler**, runtime to **python 3.6** and the triggers to:
+### Set up role
 
- * Object Created, suffix 'rpm'
- * Object Removed, suffix 'rpm'
- * If you are using certain directory as a repo, set it as prefix
+Create new role with s3 write/read access
 
-Upload `code.zip` to lambda function
+Here is a minimal requirement for the policy that is included in role:
+```
+{"Version": "2012-10-17",
+    "Statement": [
+        {"Sid": "<THIS IS UNIQE>",
+            "Action": [
+                "s3:GetObject",
+                "s3:PutObject",
+                "s3:PutObjectAcl"],
+            "Effect": "Allow",
+            "Resource": "arn:aws:s3:::<YOUR BUCKET NAME>/*"}]}
+```
 
-Set the environmental variables
+### Environmental variables
+These are the environmental variables you will have to set:
 
 | Key | Value |
 | --- | ---|
@@ -51,14 +83,44 @@ Set the environmental variables
 
 **REPO_DIR** Path to repositroy from bucket root. If none is set, it is assumed root of repository is root of the bucket
 
+### Set up lambda with CLI
+
+[Install aws cli](http://docs.aws.amazon.com/cli/latest/userguide/installing.html)
+
+Create new lambda function:
+```
+aws lambda create-function \
+    --function-name <name the function> \
+    --zip-file fileb://code.zip \
+    --role <role's arn> \    # arn from role with S3 read/write access
+    --handler s3rpm.handler \
+    --runtime python3.6 \
+# Replace '<...>' with environmental variables
+    --environment Variables='{PUBLIC=<bool>, GPG_KEY=<file>, GPG_PASS=<password>, BUCKET_NAME=<bucket name>, REPO_DIR=<dir>}'
+```
+
+### Set up lambda manually
 
+If CLI is not your thing, then you can upload code manaully
+
+Create new lambda function, set handler to **s3rpm.lambda_handler**, runtime to **python 3.6**
+
+Upload `code.zip` to lambda function
+
+### The triggers
+
+ * Object Created(All), suffix 'rpm'
+ * Object Removed(All), suffix 'rpm'
+ * If you are using certain directory as a repo, set it as prefix
+
+### Set up S3
 Upload secret key file to location you specified as GPG_KEY
 
-Upload GPG SIGNED .rpm file to desired folder, lambda function should now keep your repository up to date
+Upload .rpm file to desired folder, lambda function should now keep your repository up to date
 
 ## Setting up yum
 
-**First time set up**
+### First time set up
 
 create `example.repo` file in `/etc/yum.repos.d/example.repo` 
 ```
@@ -78,23 +140,28 @@ gpgkey=<link to public key of key you used for signing metadata files>
 * You can do `repo_gpgcheck=0` to skip gpg verification when installing packages
 * You can do `gpgcheck=1` if you are uploading signed rpm packages(lambda does not sign them, it signs only metadata xml file)
 
+### Install/update
 Install package
 ```
-su
-yum install <package name>
+sudo yum install <package name>
 ```
 
 Upgrading package
 ```
-su
-yum upgrade
+sudo yum upgrade
 ```
 
 ## Notes
 
-.rpm and repodata/* in repository directory are and should be publicly accessible
+* .rpm and repodata/* in repository directory are and should be publicly accessible for the 
+
+* Don't forget to increase the timeout of lambda function
 
-Don't forget to increase the timeout of lambda function
+* If somebody tries to inject a malicious rpm file in your repo it will be automaticly added to repository. It is your job to make bucket secure enough for this not to happen.!!!
 
-If somebody tries to inject a malicious rpm file in your repo it will be automaticly added to repository. It is your job to make bucket secure enough for this not to happen.!!!
+## Tests
 
+To run unit tests:
+```
+make test
+```
diff --git a/rpm/s3rpm.py b/rpm/s3rpm.py
@@ -15,10 +15,7 @@ def lambda_handler(event, context):
     repo = YumRepository('/tmp/repo/') # set repository
     prefix = '/'.join(key.split('/')[0:-1])+'/'
 
-    if os.environ['REPO_DIR'].endswith('/'):
-        os.environ['REPO_DIR'] = os.environ['REPO_DIR'][:-1]
-    if os.environ['REPO_DIR'].startswith('/'):
-        os.environ['REPO_DIR'] = os.environ['REPO_DIR'][1:]
+    os.environ['REPO_DIR'] = os.environ['REPO_DIR'].strip('/')
 
     #make sure we are working with correct files
     if bucket == os.environ['BUCKET_NAME'] and key.endswith(".rpm") and prefix.startswith(os.environ['REPO_DIR']):
