Move constants.py to _internal (#7534)

* Don't call core constants from nginx plugin * Move constants.py to _internal/ * Move ENHANCEMENTS from now-internal constants to public plugins.enhancements * Update display.enhancements.ask from its 2015 comment
2026-01-26 07:41:33 +03:00 · 2019-11-11 15:41:40 -08:00
parent 08c1de34bd
commit 4792e1ee21
30 changed files with 47 additions and 73 deletions
--- a/certbot-apache/certbot_apache/configurator.py
+++ b/certbot-apache/certbot_apache/configurator.py
@@ -1612,9 +1612,9 @@ class ApacheConfigurator(common.Installer):

        :param str domain: domain to enhance
        :param str enhancement: enhancement type defined in
-            :const:`~certbot.constants.ENHANCEMENTS`
+            :const:`~certbot.plugins.enhancements.ENHANCEMENTS`
        :param options: options for the enhancement
-            See :const:`~certbot.constants.ENHANCEMENTS`
+            See :const:`~certbot.plugins.enhancements.ENHANCEMENTS`
            documentation for appropriate parameter.

        :raises .errors.PluginError: If Enhancement is not supported, or if
--- a/certbot-compatibility-test/certbot_compatibility_test/configurators/common.py
+++ b/certbot-compatibility-test/certbot_compatibility_test/configurators/common.py
@@ -4,7 +4,7 @@ import os
 import shutil
 import tempfile

-from certbot import constants
+from certbot._internal import constants
 from certbot_compatibility_test import errors
 from certbot_compatibility_test import util

--- a/certbot-compatibility-test/certbot_compatibility_test/util.py
+++ b/certbot-compatibility-test/certbot_compatibility_test/util.py
@@ -9,7 +9,7 @@ import tarfile
 import josepy as jose

 from certbot.tests import util as test_util
-from certbot import constants
+from certbot._internal import constants

 from certbot_compatibility_test import errors

--- a/certbot-nginx/certbot_nginx/configurator.py
+++ b/certbot-nginx/certbot_nginx/configurator.py
@@ -17,7 +17,6 @@ from acme import challenges
 from acme import crypto_util as acme_crypto_util
 from acme.magic_typing import List, Dict, Set  # pylint: disable=unused-import, no-name-in-module

-from certbot import constants as core_constants
 from certbot import crypto_util
 from certbot import errors
 from certbot import interfaces
@@ -101,9 +100,6 @@ class NginxConfigurator(common.Installer):
        openssl_version = kwargs.pop("openssl_version", None)
        super(NginxConfigurator, self).__init__(*args, **kwargs)

-        # Verify that all directories and files exist with proper permissions
-        self._verify_setup()
-
        # Files to save
        self.save_notes = ""

@@ -708,9 +704,9 @@ class NginxConfigurator(common.Installer):

        :param str domain: domain to enhance
        :param str enhancement: enhancement type defined in
-            :const:`~certbot.constants.ENHANCEMENTS`
+            :const:`~certbot.plugins.enhancements.ENHANCEMENTS`
        :param options: options for the enhancement
-            See :const:`~certbot.constants.ENHANCEMENTS`
+            See :const:`~certbot.plugins.enhancements.ENHANCEMENTS`
            documentation for appropriate parameter.

        """
@@ -929,18 +925,6 @@ class NginxConfigurator(common.Installer):
        except errors.SubprocessError as err:
            raise errors.MisconfigurationError(str(err))

-    def _verify_setup(self):
-        """Verify the setup to ensure safe operating environment.
-
-        Make sure that files/directories are setup with appropriate permissions
-        Aim for defensive coding... make sure all input files
-        have permissions of root.
-
-        """
-        util.make_or_verify_dir(self.config.work_dir, core_constants.CONFIG_DIRS_MODE)
-        util.make_or_verify_dir(self.config.backup_dir, core_constants.CONFIG_DIRS_MODE)
-        util.make_or_verify_dir(self.config.config_dir, core_constants.CONFIG_DIRS_MODE)
-
    def _nginx_version(self):
        """Return results of nginx -V

--- a/certbot/_internal/account.py
+++ b/certbot/_internal/account.py
@@ -16,7 +16,7 @@ from cryptography.hazmat.primitives import serialization
 from acme import fields as acme_fields
 from acme import messages

-from certbot import constants
+from certbot._internal import constants
 from certbot import errors
 from certbot import interfaces
 from certbot import util
--- a/certbot/_internal/client.py
+++ b/certbot/_internal/client.py
@@ -21,7 +21,7 @@ import certbot
 from certbot._internal import account
 from certbot._internal import auth_handler
 from certbot import cli
-from certbot import constants
+from certbot._internal import constants
 from certbot import crypto_util
 from certbot._internal import eff
 from certbot._internal import error_handler
--- a/certbot/_internal/constants.py
+++ b/certbot/_internal/constants.py
@@ -147,18 +147,6 @@ RENEWER_DEFAULTS = dict(
 )
 """Defaults for renewer script."""

-
-ENHANCEMENTS = ["redirect", "ensure-http-header", "ocsp-stapling"]
-"""List of possible :class:`certbot.interfaces.IInstaller`
-enhancements.
-
-List of expected options parameters:
- redirect: None
- ensure-http-header: name of header (i.e. Strict-Transport-Security)
- ocsp-stapling: certificate chain file path
-
-"""
-
 ARCHIVE_DIR = "archive"
 """Archive directory, relative to `IConfig.config_dir`."""

--- a/certbot/_internal/display/enhancements.py
+++ b/certbot/_internal/display/enhancements.py
@@ -18,7 +18,7 @@ def ask(enhancement):
    """Display the enhancement to the user.

    :param str enhancement: One of the
-        :class:`certbot.CONFIG.ENHANCEMENTS` enhancements
+        :const:`~certbot.plugins.enhancements.ENHANCEMENTS` enhancements

    :returns: True if feature is desired, False otherwise
    :rtype: bool
--- a/certbot/_internal/eff.py
+++ b/certbot/_internal/eff.py
@@ -4,7 +4,7 @@ import logging
 import requests
 import zope.component

-from certbot import constants
+from certbot._internal import constants
 from certbot import interfaces


--- a/certbot/_internal/log.py
+++ b/certbot/_internal/log.py
@@ -24,7 +24,7 @@ import traceback

 from acme import messages

-from certbot import constants
+from certbot._internal import constants
 from certbot import errors
 from certbot import util
 from certbot.compat import os
@@ -41,7 +41,7 @@ def pre_arg_parse_setup():
    """Setup logging before command line arguments are parsed.

    Terminal logging is setup using
-    `certbot.constants.QUIET_LOGGING_LEVEL` so Certbot is as quiet as
+    `certbot._internal.constants.QUIET_LOGGING_LEVEL` so Certbot is as quiet as
    possible. File logging is setup so that logging messages are
    buffered in memory. If Certbot exits before `post_arg_parse_setup`
    is called, these buffered messages are written to a temporary file.
--- a/certbot/_internal/main.py
+++ b/certbot/_internal/main.py
@@ -19,7 +19,7 @@ from certbot._internal import cert_manager
 from certbot import cli
 from certbot._internal import client
 from certbot import configuration
-from certbot import constants
+from certbot._internal import constants
 from certbot import crypto_util
 from certbot._internal import eff
 from certbot import errors
--- a/certbot/_internal/plugins/disco.py
+++ b/certbot/_internal/plugins/disco.py
@@ -10,7 +10,7 @@ import zope.interface
 import zope.interface.verify

 from acme.magic_typing import Dict  # pylint: disable=unused-import, no-name-in-module
-from certbot import constants
+from certbot._internal import constants
 from certbot import errors
 from certbot import interfaces

--- a/certbot/_internal/storage.py
+++ b/certbot/_internal/storage.py
@@ -13,7 +13,7 @@ import six

 import certbot
 from certbot import cli
-from certbot import constants
+from certbot._internal import constants
 from certbot import crypto_util
 from certbot._internal import error_handler
 from certbot import errors
--- a/certbot/cli.py
+++ b/certbot/cli.py
@@ -22,7 +22,7 @@ from acme.magic_typing import Any, Dict, Optional
 import certbot
 import certbot.plugins.enhancements as enhancements
 import certbot._internal.plugins.selection as plugin_selection
-from certbot import constants
+from certbot._internal import constants
 from certbot import crypto_util
 from certbot import errors
 from certbot import hooks
--- a/certbot/configuration.py
+++ b/certbot/configuration.py
@@ -4,7 +4,7 @@ import copy
 import zope.interface
 from six.moves.urllib import parse  # pylint: disable=relative-import

-from certbot import constants
+from certbot._internal import constants
 from certbot import errors
 from certbot import interfaces
 from certbot import util
@@ -20,7 +20,7 @@ class NamespaceConfig(object):
    :class:`certbot.interfaces.IConfig`. However, note that
    the following attributes are dynamically resolved using
    :attr:`~certbot.interfaces.IConfig.work_dir` and relative
-    paths defined in :py:mod:`certbot.constants`:
+    paths defined in :py:mod:`certbot._internal.constants`:

      - `accounts_dir`
      - `csr_dir`
@@ -30,7 +30,7 @@ class NamespaceConfig(object):

    And the following paths are dynamically resolved using
    :attr:`~certbot.interfaces.IConfig.config_dir` and relative
-    paths defined in :py:mod:`certbot.constants`:
+    paths defined in :py:mod:`certbot._internal.constants`:

      - `default_archive_dir`
      - `live_dir`
--- a/certbot/display/util.py
+++ b/certbot/display/util.py
@@ -5,7 +5,7 @@ import textwrap

 import zope.interface

-from certbot import constants
+from certbot._internal import constants
 from certbot import errors
 from certbot import interfaces
 from certbot.compat import misc
--- a/certbot/interfaces.py
+++ b/certbot/interfaces.py
@@ -295,10 +295,10 @@ class IInstaller(IPlugin):

        :param str domain: domain for which to provide enhancement
        :param str enhancement: An enhancement as defined in
-            :const:`~certbot.constants.ENHANCEMENTS`
+            :const:`~certbot.plugins.enhancements.ENHANCEMENTS`
        :param options: Flexible options parameter for enhancement.
            Check documentation of
-            :const:`~certbot.constants.ENHANCEMENTS`
+            :const:`~certbot.plugins.enhancements.ENHANCEMENTS`
            for expected options for each enhancement.

        :raises .PluginError: If Enhancement is not supported, or if
@@ -310,7 +310,7 @@ class IInstaller(IPlugin):
        """Returns a `collections.Iterable` of supported enhancements.

        :returns: supported enhancements which should be a subset of
-            :const:`~certbot.constants.ENHANCEMENTS`
+            :const:`~certbot.plugins.enhancements.ENHANCEMENTS`
        :rtype: :class:`collections.Iterable` of :class:`str`

        """
--- a/certbot/plugins/common.py
+++ b/certbot/plugins/common.py
@@ -14,7 +14,7 @@ from josepy import util as jose_util
 from acme.magic_typing import List  # pylint: disable=unused-import, no-name-in-module

 from certbot import achallenges  # pylint: disable=unused-import
-from certbot import constants
+from certbot._internal import constants
 from certbot import crypto_util
 from certbot import errors
 from certbot import interfaces
--- a/certbot/plugins/common_test.py
+++ b/certbot/plugins/common_test.py
@@ -167,11 +167,11 @@ class InstallerTest(test_util.ConfigTestCase):
        self.assertTrue(os.path.isfile(self.installer.ssl_dhparams))

    def _current_ssl_dhparams_hash(self):
-        from certbot.constants import SSL_DHPARAMS_SRC
+        from certbot._internal.constants import SSL_DHPARAMS_SRC
        return crypto_util.sha256sum(SSL_DHPARAMS_SRC)

    def test_current_file_hash_in_all_hashes(self):
-        from certbot.constants import ALL_SSL_DHPARAMS_HASHES
+        from certbot._internal.constants import ALL_SSL_DHPARAMS_HASHES
        self.assertTrue(self._current_ssl_dhparams_hash() in ALL_SSL_DHPARAMS_HASHES,
            "Constants.ALL_SSL_DHPARAMS_HASHES must be appended"
            " with the sha256 hash of self.config.ssl_dhparams when it is updated.")
--- a/certbot/plugins/enhancements.py
+++ b/certbot/plugins/enhancements.py
@@ -2,10 +2,21 @@
 import abc
 import six

-from certbot import constants
+from certbot._internal import constants

 from acme.magic_typing import Dict, List, Any  # pylint: disable=unused-import, no-name-in-module

+ENHANCEMENTS = ["redirect", "ensure-http-header", "ocsp-stapling"]
+"""List of possible :class:`certbot.interfaces.IInstaller`
+enhancements.
+
+List of expected options parameters:
+- redirect: None
+- ensure-http-header: name of header (i.e. Strict-Transport-Security)
+- ocsp-stapling: certificate chain file path
+
+"""
+
 def enabled_enhancements(config):
    """
    Generator to yield the enabled new style enhancements.
--- a/certbot/reverter.py
+++ b/certbot/reverter.py
@@ -9,7 +9,7 @@ import traceback

 import six

-from certbot import constants
+from certbot._internal import constants
 from certbot import errors
 from certbot import util
 from certbot.compat import os
--- a/certbot/tests/account_test.py
+++ b/certbot/tests/account_test.py
@@ -278,7 +278,7 @@ class AccountFileStorageTest(test_util.ConfigTestCase):
        self._set_server('https://acme-staging.api.letsencrypt.org/directory')
        self.storage.save(self.acc, self.mock_client)
        # ensure v2 isn't already linked to it
-        with mock.patch('certbot.constants.LE_REUSE_SERVERS', {}):
+        with mock.patch('certbot._internal.constants.LE_REUSE_SERVERS', {}):
            self._set_server('https://acme-staging-v02.api.letsencrypt.org/directory')
            self.assertRaises(errors.AccountNotFound, self.storage.load, self.acc.id)

--- a/certbot/tests/cli_test.py
+++ b/certbot/tests/cli_test.py
@@ -12,7 +12,7 @@ from acme import challenges

 import certbot.tests.util as test_util
 from certbot import cli
-from certbot import constants
+from certbot._internal import constants
 from certbot import errors
 from certbot.compat import os
 from certbot.compat import filesystem
--- a/certbot/tests/configuration_test.py
+++ b/certbot/tests/configuration_test.py
@@ -3,7 +3,7 @@ import unittest

 import mock

-from certbot import constants
+from certbot._internal import constants
 from certbot import errors
 from certbot.compat import misc
 from certbot.compat import os
--- a/certbot/tests/eff_test.py
+++ b/certbot/tests/eff_test.py
@@ -4,7 +4,7 @@ import unittest
 import mock
 import requests

-from certbot import constants
+from certbot._internal import constants
 import certbot.tests.util as test_util


--- a/certbot/tests/log_test.py
+++ b/certbot/tests/log_test.py
@@ -11,7 +11,7 @@ import six
 from acme import messages
 from acme.magic_typing import Optional  # pylint: disable=unused-import, no-name-in-module

-from certbot import constants
+from certbot._internal import constants
 from certbot import errors
 from certbot import util
 from certbot.compat import filesystem
--- a/certbot/tests/main_test.py
+++ b/certbot/tests/main_test.py
@@ -24,7 +24,7 @@ import certbot.tests.util as test_util
 from certbot._internal import account
 from certbot import cli
 from certbot import configuration
-from certbot import constants
+from certbot._internal import constants
 from certbot import crypto_util
 from certbot import errors
 from certbot import interfaces  # pylint: disable=unused-import
--- a/certbot/tests/util.py
+++ b/certbot/tests/util.py
@@ -20,7 +20,7 @@ from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization

 from certbot import configuration
-from certbot import constants
+from certbot._internal import constants
 from certbot import interfaces
 from certbot._internal import lock
 from certbot._internal import storage
--- a/certbot/util.py
+++ b/certbot/util.py
@@ -19,7 +19,7 @@ import six

 from acme.magic_typing import Tuple, Union  # pylint: disable=unused-import, no-name-in-module

-from certbot import constants
+from certbot._internal import constants
 from certbot import errors
 from certbot._internal import lock
 from certbot.compat import os
--- a/docs/api/constants.rst
+++ b/docs/api/constants.rst
@@ -1,9 +0,0 @@
-:mod:`certbot.constants`
-----------------------------------
-
-.. automodule:: certbot.constants
-   :members:
-   :exclude-members: SSL_DHPARAMS_SRC
-
-.. autodata:: SSL_DHPARAMS_SRC
-   :annotation: = '/path/to/certbot/ssl-dhparams.pem'