reach_commons 0.18.37__py3-none-any.whl → 0.18.39__py3-none-any.whl

reach_commons/reach_aws/__init__.py

@@ -0,0 +1,3 @@
+from reach_commons.reach_aws.db_config import get_secret
+
+__all__ = ["get_secret"]

reach_commons/reach_aws/db_config.py

@@ -0,0 +1,87 @@
+import base64
+import json
+import os
+from typing import Any, Dict
+
+import boto3
+from botocore.exceptions import ClientError
+
+ENV = os.environ.get("ENV", "Staging")
+
+
+def _get_secret_json(secret_arn: str, region_name: str = "us-east-1") -> Dict[str, Any]:
+    """Fetch and parse a JSON secret from AWS Secrets Manager."""
+    session = boto3.Session(region_name=region_name)
+    client = session.client("secretsmanager")
+
+    try:
+        response = client.get_secret_value(SecretId=secret_arn)
+    except ClientError as exc:
+        raise RuntimeError(
+            f"Failed to fetch secret from AWS Secrets Manager: secret_arn={secret_arn}"
+        ) from exc
+
+    secret_string = _extract_secret_string(response, secret_arn)
+    try:
+        return json.loads(secret_string)
+    except json.JSONDecodeError as exc:
+        raise ValueError(
+            f"Secret value is not valid JSON: secret_arn={secret_arn}"
+        ) from exc
+
+
+def _extract_secret_string(response: Dict[str, Any], secret_arn: str) -> str:
+    if response.get("SecretBinary"):
+        decoded = base64.b64decode(response["SecretBinary"])
+        return decoded.decode("utf-8")
+    secret_string = response.get("SecretString")
+    if not secret_string:
+        raise ValueError(
+            f"Secret did not contain SecretString or SecretBinary: secret_arn={secret_arn}"
+        )
+    return secret_string
+
+
+def get_secret(
+    secret_arn: str,
+    region_name: str = "us-east-1",
+    host=os.getenv("db_host_proxy"),
+    db_name=os.getenv("db_name"),
+) -> Dict[str, Any]:
+    """
+    Load DB credentials from AWS Secrets Manager and host from SSM Parameter Store.
+
+    Example:
+        # from reach_commons.reach_aws import get_secret
+        # config = get_secret(
+        # os.environ[ "RDS_SECRET_ARN"],
+        #)
+    """
+
+    if not secret_arn:
+        raise ValueError(f"RDS secret ARN is not configured")
+    if not host:
+        raise ValueError(f"RDS host is not configured")
+
+    secrets_data = _get_secret_json(secret_arn, region_name)
+
+    if not isinstance(secrets_data, dict):
+        raise ValueError(
+            f"Secret payload must be a JSON object: secret_arn={secret_arn}"
+        )
+
+    secrets_data["host"] = host
+    secrets_data["dbname"] = db_name
+
+    missing = [
+        key
+        for key in ("host", "username", "password", "dbname")
+        if key not in secrets_data
+    ]
+    if missing:
+        raise ValueError(
+            "Secret is missing required fields: "
+            f"missing={missing}, secret_arn={secret_arn}"
+        )
+
+    return secrets_data

reach_commons/reach_aws/reach_rate_limiter.py

@@ -133,7 +133,10 @@ class ReachRateLimiter:
         Loads config from Redis hash:
           limit_per_window, interval_seconds, jitter_seconds
 
-        Uses short in-memory cache to avoid hammering Redis under high throughput.
+        Behavior:
+          - If config exists in Redis: read only (never overwrite).
+          - If config does NOT exist yet: seed Redis ONCE with defaults (so you can edit live).
+          - If Redis is unavailable: fallback to defaults (no writes).
         """
         now = self._now()
 
@@ -149,7 +152,18 @@ class ReachRateLimiter:
         jitter = self.default_jitter
 
         try:
-            raw = self.redis.hgetall(self._cfg_key()) or {}
+            cfg_key = self._cfg_key()
+            raw = self.redis.hgetall(cfg_key) or {}
+
+            # If config was never created, seed it once with defaults
+            if not raw:
+                rc = self.redis.redis_connection
+                rc.hsetnx(cfg_key, "limit_per_window", str(self.default_limit))
+                rc.hsetnx(cfg_key, "interval_seconds", str(self.default_interval))
+                rc.hsetnx(cfg_key, "jitter_seconds", str(self.default_jitter))
+
+                # Re-read after seeding (so we now depend on Redis config)
+                raw = self.redis.hgetall(cfg_key) or {}
 
             # raw typically has bytes keys/values
             limit = self._parse_int(
@@ -162,7 +176,7 @@ class ReachRateLimiter:
                 raw.get(b"jitter_seconds") or raw.get("jitter_seconds"), jitter
             )
 
-            # Guard rails
+            # If someone puts garbage in Redis
             if limit <= 0:
                 limit = self.default_limit
             if interval <= 0:

{reach_commons-0.18.37.dist-info → reach_commons-0.18.39.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: reach_commons
-Version: 0.18.37
+Version: 0.18.39
 Summary: Reach Commons is a versatile utility library designed to streamline and enhance development workflows within the Reach ecosystem.
 License: MIT
 Author: Engineering

{reach_commons-0.18.37.dist-info → reach_commons-0.18.39.dist-info}/RECORD

@@ -15,13 +15,14 @@ reach_commons/mongo/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSu
 reach_commons/mongo/customer_persistence.py,sha256=acrtpyCWr9vLVq61saJ3_Vp4DYHFBTM9XqoYC72J84w,3735
 reach_commons/mongo/customer_persistence_async.py,sha256=BmcP8TXyyQah-GYM3wcKi1baqSCycjw7UadlxGywyQM,3892
 reach_commons/mongo/validation/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-reach_commons/reach_aws/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+reach_commons/reach_aws/__init__.py,sha256=xb97rt0lBd0wz9ZhULQ7YVAOceOS-AkvNVM4jfLOjYE,86
 reach_commons/reach_aws/commons.py,sha256=qQba0li75BIpmyVc0sDVrrxbtYvDCedF6RmFD-V4MYQ,259
+reach_commons/reach_aws/db_config.py,sha256=J0wRMutunOakSxYQbgvrIs1EphVuUWGVfLbHq_zmLOY,2649
 reach_commons/reach_aws/dynamo_db.py,sha256=BL3QcKzx4uZic-Ui12tln_GMSKe297FdfyIzFPE7veE,7140
 reach_commons/reach_aws/exceptions.py,sha256=x0RL5ktNtzxg0KykhEVWReBq_dEtciK6B2vMs_s4C9k,915
 reach_commons/reach_aws/firehose.py,sha256=1xFKLWMv3bNo3PPW5gtaL6NqzUDyVil6B768slj2wbY,5674
 reach_commons/reach_aws/kms.py,sha256=ZOfyJMQUgxJEojRoB7-aCxtATpNx1Ig522IUYH11NZ4,4678
-reach_commons/reach_aws/reach_rate_limiter.py,sha256=Z3gldy_EkkgVVl9rmc3t5xciccNPcRAiBY1stvr7YLw,7448
+reach_commons/reach_aws/reach_rate_limiter.py,sha256=G0An8cD0BDU7ZAuK3Xxjy2_fo7nL3ksf1LBHBlnX65s,8201
 reach_commons/reach_aws/s3.py,sha256=2MLlDNFx0SROJBpE_KjJefyrB7lMqTlrYuRhSZx4iKs,3945
 reach_commons/reach_aws/sqs.py,sha256=IKKWrd-qbhMMVYUvGbaq1ouVRdx-0u-SqwYaTcp0tWY,21645
 reach_commons/reach_base_model.py,sha256=vgdGDcZr3iXMmyRhmBhOf_LKWB_6QzT3r_Yiyo6OmEk,3009
@@ -29,6 +30,6 @@ reach_commons/redis_manager.py,sha256=yRed53ZKlbIb6rZnL53D1F_aB-xWT3nbeUP2cqYzho
 reach_commons/sms_smart_encoding.py,sha256=92y0RmZ0l4ONHpC9qeO5KfViSNq64yE2rc7lhNDSZqE,1241
 reach_commons/utils.py,sha256=dMgKIGqTgoSItuBI8oz81gKtW3qi21Jkljv9leS_V88,8475
 reach_commons/validations.py,sha256=x_lkrtlrCAJC_f7mZb19JjfKFbYlPFv-P84K_lbZyYs,1056
-reach_commons-0.18.37.dist-info/METADATA,sha256=k2xckMxe857fXHo3p-lUKT0eWFwHmXTumKIqcI5M2GM,1863
-reach_commons-0.18.37.dist-info/WHEEL,sha256=FMvqSimYX_P7y0a7UY-_Mc83r5zkBZsCYPm7Lr0Bsq4,88
-reach_commons-0.18.37.dist-info/RECORD,,
+reach_commons-0.18.39.dist-info/METADATA,sha256=vFcpcHbymVs11HSuD6S3ckIK9mcmeAiTJ9QWVlFXDXU,1863
+reach_commons-0.18.39.dist-info/WHEEL,sha256=FMvqSimYX_P7y0a7UY-_Mc83r5zkBZsCYPm7Lr0Bsq4,88
+reach_commons-0.18.39.dist-info/RECORD,,