DEV Community: samconibear The latest articles on DEV Community by samconibear (@samconibear). https://dev.to/samconibear https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F867703%2F99c93130-60e4-4e9e-b1f3-31130c629d0e.png DEV Community: samconibear https://dev.to/samconibear en No Certs, No Secrets: Microsoft Graph on Azure using Entra Workload Identity Federation and Amazon Cognito (OIDC) samconibear Tue, 24 Mar 2026 14:24:22 +0000 https://dev.to/samconibear/no-certs-no-secrets-microsoft-graph-on-azure-using-entra-workload-identity-federation-and-amazon-18c9 https://dev.to/samconibear/no-certs-no-secrets-microsoft-graph-on-azure-using-entra-workload-identity-federation-and-amazon-18c9 <p>I recently needed to authenticate a server side only app with Microsoft Graph, without the requirements for client secrets or certificates (which require manual rotation in a enterprise security context).</p> <p>The solution is to use <em>Microsoft Entra Workload Identity Federation</em> (WIF) with Open ID Connect (OIDC) so that an app can obtain tokens by trusting an external OIDC identity provider, in this case Microsoft Azure AD.</p> <p>I could not find a good guide for this online so I decided to write my own.</p> <p>There are a number of steps required to make this solution a possible, as follows:</p> <ol> <li>Create an Identity Pool in Amazon Cognito</li> <li>Create an IAM Policy to allow access to said Pool</li> <li>Request a JWT from Amazon Cognito to create an identity</li> <li>Create an Azure AD app registration</li> <li>Configure the Azure AD app to trust the Identity Pool as an OIDC provider</li> <li>Exchange a JWT from Amazon Cognito with Microsoft for an Azure JWT</li> </ol> <h2> 1. Create an Identity Pool in Amazon Cognito </h2> <p>Amazon Cognito Identity Pools is a service that issues federated, temporary AWS-based identities. We will use our identity pool to generate OpenID Connect (OIDC) JWT tokens.<br> We will create an identity pool for authenticated access, with the identity source being an OIDC provider.<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F85wddl20lfj46q2renr3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F85wddl20lfj46q2renr3.png" alt=" " width="800" height="258"></a></p> <h4> CDK: </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">DEVELOPER_PROVIDER_NAME</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">my.dev.provider</span><span class="dl">'</span> <span class="c1">// This can be whatever you want but must be dot delimited</span> <span class="kd">const</span> <span class="nx">identityPool</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">aws_cognito</span><span class="p">.</span><span class="nc">CfnIdentityPool</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">myIdentityPool</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">allowUnauthenticatedIdentities</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">developerProviderName</span><span class="p">:</span> <span class="nx">DEVELOPER_PROVIDER_NAME</span><span class="p">,</span> <span class="na">identityPoolName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">my-identity-pool</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Up to you</span> <span class="p">});</span> </code></pre> </div> <h2> 2. Create an IAM Policy to allow access to said Pool </h2> <p>We will need to create a policy to allow access to this identity pool from other services, for this demo we will use the default created role <strong>"Create a new IAM role"</strong><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3u887eherubqs93rxm7j.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3u887eherubqs93rxm7j.png" alt=" " width="800" height="209"></a><br> We will skip the other steps creation steps in the console.</p> <h4> CDK: </h4> <p>we will manually create the policy, and can assign it to a role later.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">policy</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">aws_iam</span><span class="p">.</span><span class="nc">PolicyStatement</span><span class="p">({</span> <span class="na">effect</span><span class="p">:</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">aws_iam</span><span class="p">.</span><span class="nx">Effect</span><span class="p">.</span><span class="nx">ALLOW</span><span class="p">,</span> <span class="na">actions</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">cognito-identity:GetOpenIdTokenForDeveloperIdentity</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">cognito-identity:GetId</span><span class="dl">'</span><span class="p">,</span> <span class="p">],</span> <span class="na">resources</span><span class="p">:</span> <span class="p">[</span> <span class="nx">identityPoolArn</span> <span class="p">],</span> <span class="p">});</span> </code></pre> </div> <h2> 3. Request a JWT from Amazon Cognito to create an identity </h2> <p>Now we've created our Cognito Identity Pool, we can request a identity federation token from it. We will need to know the ID of our identity pool - This is the "audience" for our Azure identity federation.<br> We can get this from the AWS console under <strong>"Identity Pool ID"</strong> or from CDK by accessing the <a href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.CfnIdentityPool.html#ref" rel="noopener noreferrer"><code>ref</code> property</a> of our <code>identityPool</code> </p> <p>to do this we must assume a role with the above policy assigned. I will do this by creating a AWS lambda function and assigning said role.</p> <h4> CDK: </h4> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">fn</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">lambda</span><span class="p">.</span><span class="nc">Function</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">GetToken</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">runtime</span><span class="p">:</span> <span class="nx">lambda</span><span class="p">.</span><span class="nx">Runtime</span><span class="p">.</span><span class="nx">PYTHON_3_14</span><span class="p">,</span> <span class="na">handler</span><span class="p">:</span> <span class="dl">'</span><span class="s1">index.handler</span><span class="dl">'</span><span class="p">,</span> <span class="na">code</span><span class="p">:</span> <span class="nx">lambda</span><span class="p">.</span><span class="nx">Code</span><span class="p">.</span><span class="nf">fromInline</span><span class="p">(</span><span class="s2">` from boto3 import client DEVELOPER_USER_NAME = 'my_user_id' # Note this down DEVELOPER_PROVIDER_NAME = '</span><span class="p">${</span> <span class="nx">DEVELOPER_PROVIDER_NAME</span> <span class="p">}</span><span class="s2">' # From earlier definition IDENTITY_POOL_ID = '</span><span class="p">${</span> <span class="nx">identityPool</span><span class="p">.</span><span class="nx">ref</span> <span class="p">}</span><span class="s2">' def handler(event, context): cognito_client = client('cognito-identity') return cognito_client.get_open_id_token_for_developer_identity( IdentityPoolId = IDENTITY_POOL_ID , Logins={ DEVELOPER_PROVIDER_NAME: DEVELOPER_USER_NAME }, TokenDuration=60, # s ) `</span> <span class="p">});</span> <span class="nx">fn</span><span class="p">.</span><span class="nf">addToRolePolicy</span><span class="p">(</span><span class="nx">policy</span><span class="p">)</span> </code></pre> </div> <p>it is important to note the chosen DEVELOPER_PROVIDER_NAME &amp; DEVELOPER_USER_NAME as the same values must be used to request tokens in the future.<br> After running the lambda we should receive a base64 encoded JWT of the shape:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"iss"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://cognito-identity.amazonaws.com"</span><span class="p">,</span><span class="w"> </span><span class="nl">"sub"</span><span class="p">:</span><span class="w"> </span><span class="s2">"REGION:GUID"</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">&lt;--</span><span class="w"> </span><span class="err">Subject</span><span class="w"> </span><span class="nl">"aud"</span><span class="p">:</span><span class="w"> </span><span class="s2">"REGION:IDENTITY_POOL_GUID"</span><span class="p">,</span><span class="w"> </span><span class="err">//</span><span class="w"> </span><span class="err">&lt;--</span><span class="w"> </span><span class="err">Audience</span><span class="w"> </span><span class="nl">"amr"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"authenticated"</span><span class="p">,</span><span class="w"> </span><span class="s2">"my.dev.provider"</span><span class="p">,</span><span class="w"> </span><span class="s2">"my.dev.provider-&lt;region&gt;:&lt;pool&gt;:&lt;user&gt;"</span><span class="p">],</span><span class="w"> </span><span class="nl">"iat"</span><span class="p">:</span><span class="w"> </span><span class="mi">1686577419</span><span class="p">,</span><span class="w"> </span><span class="nl">"exp"</span><span class="p">:</span><span class="w"> </span><span class="mi">1686581019</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>note down the subject and audience. If you don't want to decode the token then you can also obtain the values from observing the newly created identity in the AWS console:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fotqhp19zx7uvc0d3dx5o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fotqhp19zx7uvc0d3dx5o.png" alt=" " width="493" height="510"></a></p> <h2> 4. Create an Azure AD app registration </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsk5kygv3pt06xjre1wpg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsk5kygv3pt06xjre1wpg.png" alt=" " width="624" height="128"></a><br> For registering an app in enterprise cloud, refer to the official instructions from your enterprise company governance to create this app</p> <h2> 5. Configure the Azure AD app to trust the Identity Pool as an OIDC provider </h2> <p>In your app, navigate to <code>Manage</code> &gt; <code>Certificates &amp; secrets</code><br> Select <code>Federated credentials</code> and <code>Add credential</code><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmj21h5u4lhkwm5dalkm4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmj21h5u4lhkwm5dalkm4.png" alt=" " width="702" height="164"></a><br> for <code>Federated credential scenario</code> select <code>Other issuer</code><br> for <code>Issuer</code>, enter <code>https://cognito-identity.amazonaws.com</code><br> for type select <code>Explicit subject identifier</code><br> for the <code>Value</code> use the use the 'Subject' obtained earlier<br> Under Credential details, enter a <code>Name</code> and <code>Description</code> of whatever you want<br> for the <code>Audience</code> use the 'Audience' obtained earlier (the Identity Pool ID)</p> <h2> 6. Exchange a JWT from Amazon Cognito with Microsoft for an Azure JWT </h2> <p>That's it! We can now use the client credentials flow with a federated credential.</p> <p>Lastly, we need to note the tenant &amp; client id's for the App, we can see these in the 'Overview' of our app in Azure portal:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2z6sgt1eyu74ba6rf3p0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2z6sgt1eyu74ba6rf3p0.png" alt=" " width="800" height="365"></a></p> <p>Now let's call Entra's /token endpoint and pass the Cognito ID token as the client_assertion:</p> <h4> Python Code: </h4> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">client</span> <span class="kn">from</span> <span class="n">urllib3</span> <span class="kn">import</span> <span class="n">PoolManager</span> <span class="n">DEVELOPER_PROVIDER_NAME</span> <span class="o">=</span> <span class="sh">'</span><span class="s">my.dev.provider</span><span class="sh">'</span> <span class="n">DEVELOPER_USER_NAME</span> <span class="o">=</span> <span class="sh">'</span><span class="s">my_user_id</span><span class="sh">'</span> <span class="n">IDENTITY_POOL_ID</span> <span class="o">=</span> <span class="sh">'</span><span class="s">&lt;REGION&gt;:&lt;ID&gt;</span><span class="sh">'</span> <span class="c1"># get from AWS or pass as env var from cdk </span> <span class="n">AZURE_APP_TENANT_ID</span> <span class="o">=</span> <span class="sh">'</span><span class="s">&lt;TENANT-ID-FROM-STEP-ABOVE&gt;</span><span class="sh">'</span> <span class="n">AZURE_APP_CLIENT_ID</span> <span class="o">=</span> <span class="sh">'</span><span class="s">&lt;CLIENT-ID-FROM-STEP-ABOVE&gt;</span><span class="sh">'</span> <span class="n">cognito_client</span> <span class="o">=</span> <span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">cognito-identity</span><span class="sh">'</span><span class="p">)</span> <span class="n">cognito_resp</span> <span class="o">=</span> <span class="n">cognito_client</span><span class="p">.</span><span class="nf">get_open_id_token_for_developer_identity</span><span class="p">(</span> <span class="n">IdentityPoolId</span> <span class="o">=</span> <span class="n">IDENTITY_POOL_ID</span> <span class="p">,</span> <span class="n">Logins</span><span class="o">=</span><span class="p">{</span> <span class="n">DEVELOPER_PROVIDER_ID</span><span class="p">:</span> <span class="n">DEVELOPER_USER_NAME</span> <span class="p">},</span> <span class="n">TokenDuration</span><span class="o">=</span><span class="mi">120</span><span class="p">,</span> <span class="c1"># s </span><span class="p">)</span> <span class="n">client_assertion_jwt</span> <span class="o">=</span> <span class="n">cognito_resp</span><span class="p">[</span><span class="sh">'</span><span class="s">Token</span><span class="sh">'</span><span class="p">]</span> <span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">'</span><span class="s">https://login.microsoftonline.com/</span><span class="si">{</span><span class="n">AZURE_APP_TENANT_ID</span> <span class="si">}</span><span class="s">/oauth2/v2.0/token</span><span class="sh">'</span> <span class="n">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">client_id</span><span class="sh">'</span><span class="p">:</span> <span class="n">AZURE_APP_CLIENT_ID</span> <span class="p">,</span> <span class="sh">'</span><span class="s">scope</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">https://graph.microsoft.com/.default</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">client_assertion_type</span><span class="sh">'</span><span class="p">:</span> <span class="sh">"</span><span class="s">urn:ietf:params:oauth:client-assertion-type:jwt-bearer</span><span class="sh">"</span><span class="p">,</span> <span class="sh">'</span><span class="s">client_assertion</span><span class="sh">'</span><span class="p">:</span> <span class="n">client_assertion_jwt</span> <span class="p">,</span> <span class="sh">'</span><span class="s">grant_type</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">client_credentials</span><span class="sh">'</span><span class="p">,</span> <span class="p">}</span> <span class="n">headers</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">Content-Type</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">application/x-www-form-urlencoded</span><span class="sh">'</span><span class="p">,</span> <span class="p">}</span> <span class="n">http</span> <span class="o">=</span> <span class="nc">PoolManager</span><span class="p">()</span> <span class="n">r</span> <span class="o">=</span> <span class="n">http</span><span class="p">.</span><span class="nf">request</span><span class="p">(</span><span class="sh">'</span><span class="s">POST</span><span class="sh">'</span><span class="p">,</span> <span class="n">url</span><span class="p">,</span> <span class="n">body</span><span class="o">=</span><span class="nf">urlencode</span><span class="p">(</span><span class="n">payload</span><span class="p">),</span> <span class="n">headers</span><span class="o">=</span><span class="n">headers</span><span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">r</span><span class="p">.</span><span class="n">data</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="sh">'</span><span class="s">utf-8</span><span class="sh">'</span><span class="p">))</span> <span class="k">if</span> <span class="sh">'</span><span class="s">access_token</span><span class="sh">'</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">data</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">Exception</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">access token not in graph response: </span><span class="si">{</span><span class="n">data</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">access_token</span><span class="sh">'</span><span class="p">])</span> </code></pre> </div> <h3> Test by calling Graph API </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-sS</span> https://graph.microsoft.com/v1.0/applications?<span class="nv">$top</span><span class="o">=</span>1 <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer &lt;ACCESS_TOKEN&gt;"</span> </code></pre> </div> <p>(Your app must have the corresponding Application permissions approved - e.g., Application.Read.All for the call above.)</p> azure microsoftgraph security aws Building Robust Python Data Models with Pydantic Validators samconibear Wed, 12 Mar 2025 13:09:06 +0000 https://dev.to/samconibear/building-robust-python-data-models-with-pydantic-validators-41lf https://dev.to/samconibear/building-robust-python-data-models-with-pydantic-validators-41lf <h2> What is Pydantic? </h2> <p>Pydantic is a powerful data validation library for Python that leverages Python’s type hints. It is particularly useful for ensuring data integrity and consistency in complex applications, helping to catch errors in development.<br> <br></p> <h2> What are Validators? </h2> <p>Validators in Pydantic ensure that data conforms to specific rules beyond basic type checking, enabling the enforcement of sophisticated validation logic.</p> <h2> Working Example </h2> <p>Let's take the example of a % discount on a product. With pydantic, we can define the model of a <code>Product</code> and ensure that the discount value will be a <code>float</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span> <span class="k">class</span> <span class="nc">Product</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span> <span class="n">discount</span><span class="p">:</span> <span class="nb">float</span> </code></pre> </div> <p>Unfortunatly, this description of the product does not give us full control over the data structure. The discount is enforced to be a floating point number, but it could be 0.1, 999.1 or -3.14, which does not make sense in the context of a percentage.<br> <br></p> <h2> Where Validators come in </h2> <p>Using Pydantic Validators, we can enforce custom type checking! In this case let's set the bounds of <code>discount</code> to be between 0 and 1.<br> There are 2 ways of defining a custom validator:<br> <br></p> <h3> Using the <code>@field_validator</code> Decorator </h3> <p>we define a decorated function used to validate the <code>discount</code> field, where we return a <code>ValueError</code> if the validation criteria is not met.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span><span class="p">,</span> <span class="n">field_validator</span> <span class="k">class</span> <span class="nc">Product</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span> <span class="n">discount</span><span class="p">:</span> <span class="nb">float</span> <span class="nd">@field_validator</span><span class="p">(</span><span class="sh">'</span><span class="s">discount</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">bounded_0_1</span><span class="p">(</span><span class="n">value</span><span class="p">:</span> <span class="nb">float</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">float</span><span class="p">:</span> <span class="k">if</span> <span class="mf">0.</span> <span class="o">&lt;=</span> <span class="n">value</span> <span class="ow">and</span> <span class="n">value</span> <span class="o">&lt;=</span> <span class="mf">1.</span><span class="p">:</span> <span class="k">return</span> <span class="n">value</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sa">f</span><span class="sh">'</span><span class="si">{</span><span class="n">value</span><span class="si">}</span><span class="s"> is not between 0 and 1</span><span class="sh">'</span><span class="p">)</span> </code></pre> </div> <h3> Using <code>Annotated</code> from the <code>typing</code> module </h3> <p>You can also define a validator by providing a metadata function to the standard library's <code>Annotated</code>. This is especialy useful if you have a commonly used validator that resides somewhere else in the code base, allowing you to import it when needed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span><span class="p">,</span> <span class="n">AfterValidator</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Annotated</span> <span class="c1"># Avaliable from typing_extensions in python versions older than 3.9 </span><span class="kn">from</span> <span class="n">validators</span> <span class="kn">import</span> <span class="n">bounded_0_1</span> <span class="k">class</span> <span class="nc">Product</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span> <span class="n">discount</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="nb">float</span><span class="p">,</span> <span class="nc">AfterValidator</span><span class="p">(</span><span class="n">bounded_0_1</span><span class="p">)]</span> </code></pre> </div> <p>AfterValidator runs after Pydantic's internal validation. I would almost always advocate for using this over other types of validators, as they are generally more type safe.<br> <br></p> <h3> Builtin Validators </h3> <p>Pydantic also provides a number of built in validation via the <code>Field</code> class, which allows us to acheive the same result using a shorter inline notation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span><span class="p">,</span> <span class="n">Field</span> <span class="k">class</span> <span class="nc">Product</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span> <span class="n">discount</span><span class="p">:</span> <span class="n">Annotated</span><span class="p">[</span><span class="nb">float</span><span class="p">,</span> <span class="nc">Field</span><span class="p">(</span><span class="n">strict</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">ge</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">le</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> </code></pre> </div> <h2> Conclusion </h2> <p>Pydantic validators provide a flexible and powerful way to enforce custom validation logic in your data models. By leveraging these validators, you can ensure that your data is accurate and consistent, reducing the likelihood of errors and improving the overall robustness of your applications. </p> <p>Validators are just one of many powerful <a href="https://docs.pydantic.dev/" rel="noopener noreferrer">Pydantic</a> features that transform python into a more reliable programming language for large scale projects.</p> python programming tutorial Pythonic Peculiarities samconibear Tue, 19 Sep 2023 17:42:47 +0000 https://dev.to/samconibear/pythonic-peculiarities-3bnb https://dev.to/samconibear/pythonic-peculiarities-3bnb <p>I recently had what I described to some friends as a '<em>revelation</em>'. Thinking I'd had some kind of spiritual awakening or deep philosophical discovery they were slightly underwhelmed when I told them Id developed a deeper level of understanding of another one of Python's unique quirks.</p> <p>In this post I wanted to address some of the features of the language that make it so unique compared to other programming languages.</p> <h2> Exceptions as Part of Logic </h2> <p>While in any other language throwing an error is a resource intensive procedure and as such should never be used to control the flow of a program. This is not true with python, as throwing is both less costly, and the sluggishness of the language in general means alternatives flow control methods are no quicker. </p> <p>There are many in the python community that advocate for using exceptions as part of control logic, and there are some scenarios where it could improve readability. For example, consider the scenario of obtaining an item nested deep within a dictionary, where a key/value may or may not exist at any level of the nested structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">d</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">a</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">b</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">c</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">d</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">e</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">exists</span><span class="sh">"</span><span class="p">}}}}}</span> </code></pre> </div> <p>Traditional Style:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="sh">"</span><span class="s">a</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">d</span> \ <span class="ow">and</span> <span class="sh">"</span><span class="s">b</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">d</span><span class="p">[</span><span class="sh">"</span><span class="s">a</span><span class="sh">"</span><span class="p">]</span> \ <span class="ow">and</span> <span class="sh">"</span><span class="s">c</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">d</span><span class="p">[</span><span class="sh">"</span><span class="s">a</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">b</span><span class="sh">"</span><span class="p">]</span> \ <span class="ow">and</span> <span class="sh">"</span><span class="s">d</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">d</span><span class="p">[</span><span class="sh">"</span><span class="s">a</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">b</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">c</span><span class="sh">"</span><span class="p">]</span> \ <span class="ow">and</span> <span class="sh">"</span><span class="s">d</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">d</span><span class="p">[</span><span class="sh">"</span><span class="s">a</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">b</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">c</span><span class="sh">"</span><span class="p">]</span> \ <span class="ow">and</span> <span class="sh">"</span><span class="s">e</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">d</span><span class="p">[</span><span class="sh">"</span><span class="s">a</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">b</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">c</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">d</span><span class="sh">"</span><span class="p">]:</span> <span class="k">return</span> <span class="n">d</span><span class="p">[</span><span class="sh">"</span><span class="s">a</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">b</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">c</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">d</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">e</span><span class="sh">"</span><span class="p">]</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">does not exist</span><span class="sh">"</span> </code></pre> </div> <p>Using the Exception style reduces the code to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">try</span><span class="p">:</span> <span class="k">return</span> <span class="n">d</span><span class="p">[</span><span class="sh">"</span><span class="s">a</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">b</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">c</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">d</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">e</span><span class="sh">"</span><span class="p">]</span> <span class="nf">except </span><span class="p">(</span><span class="nb">KeyError</span><span class="p">):</span> <span class="k">return</span> <span class="sh">"</span><span class="s">does not exist</span><span class="sh">"</span> </code></pre> </div> <h2> Complex Index Slicing </h2> <p>Python makes slicing very syntactically simple through the use of negative slice parameters allowing you to index counting from the <em>end</em> of the array, and when provided as a step, re-index from the back of the array:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">a</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="c1"># get the last element </span><span class="n">a</span><span class="p">[</span><span class="o">-</span><span class="mi">5</span><span class="p">:</span><span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="c1"># get the last 5 elements </span><span class="n">a</span><span class="p">[</span><span class="o">-</span><span class="mi">5</span><span class="p">:</span><span class="o">-</span><span class="mi">1</span><span class="p">:</span><span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="c1"># same as above, but reversed </span><span class="n">a</span><span class="p">[::</span><span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="c1"># Cheeky one liner to reverse a string / list. </span></code></pre> </div> <p>It's clear that this feature is much appreciated by developers, as javascript implemented the <code>.at()</code> method in ECMAScript 2022, allowing js devs to finally mimic this functionality.</p> <h2> List, Set &amp; Generator Comprehensions </h2> <p>This wouldn't be a python feature list without including the famous list comprehension. Without going into too much detail, comprehensions can be used to re-write common iterative behaviors in one liners.</p> <p>Comprehension can be used in place of the map function, for example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Find the transpose of a matrix </span><span class="n">m</span> <span class="o">=</span> <span class="p">[[</span><span class="mi">1</span><span class="p">,</span><span class="mi">2</span><span class="p">,</span><span class="mi">3</span><span class="p">],</span> <span class="p">[</span><span class="mi">4</span><span class="p">,</span><span class="mi">5</span><span class="p">,</span><span class="mi">6</span><span class="p">],</span> <span class="p">[</span><span class="mi">7</span><span class="p">,</span><span class="mi">8</span><span class="p">,</span><span class="mi">9</span><span class="p">]]</span> <span class="n">transpose</span> <span class="o">=</span> <span class="p">[[</span><span class="n">r</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">m</span><span class="p">]</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">3</span><span class="p">)]</span> <span class="c1"># Find primes under 100 </span><span class="p">{</span><span class="n">x</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">100</span><span class="p">)</span> <span class="k">if</span> <span class="nf">all</span><span class="p">(</span><span class="n">x</span> <span class="o">%</span> <span class="n">y</span> <span class="k">for</span> <span class="n">y</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="n">x</span><span class="p">))}</span> <span class="c1"># Update an existing dictionary </span><span class="n">d</span> <span class="o">=</span> <span class="p">{</span><span class="sh">'</span><span class="s">a</span><span class="sh">'</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="sh">'</span><span class="s">b</span><span class="sh">'</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="sh">'</span><span class="s">c</span><span class="sh">'</span><span class="p">:</span> <span class="mi">3</span><span class="p">}</span> <span class="p">{</span> <span class="n">k</span><span class="p">:</span> <span class="n">v</span><span class="o">+</span><span class="mi">1</span> <span class="nf">for </span><span class="p">(</span><span class="n">k</span><span class="p">,</span> <span class="n">v</span><span class="p">)</span> <span class="ow">in</span> <span class="n">d</span><span class="p">.</span><span class="nf">items</span><span class="p">()</span> <span class="p">}</span> <span class="c1"># Square number generator </span><span class="p">(</span><span class="n">i</span> <span class="o">*</span> <span class="n">i</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">100</span><span class="p">))</span> </code></pre> </div> <h1> Using Indentation for Scope </h1> <p>I've added this as a joke, however I think most python devs would agree that using indentation to define scope slows development and makes the language feel clunky. <br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhxnr5j4p22dwkvifb726.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhxnr5j4p22dwkvifb726.jpg" alt=" " width="800" height="687"></a></p> <p>I have had this post sitting in my drafts for ages, but I am tempted to make this into a series, as there are still some other python features I'd like to discuss.</p> python Checking a URI string is valid in JavaScript samconibear Wed, 15 Feb 2023 22:06:43 +0000 https://dev.to/samconibear/checking-a-uri-string-is-valid-in-javascript-1odj https://dev.to/samconibear/checking-a-uri-string-is-valid-in-javascript-1odj <p>I recently needed a way of checking if the syntax of a URL is valid, you'd think that JavaScript (a language designed for the web) would have an easy way of doing so. I found that the answer is not so simple.</p> <p>What makes a URI valid or invalid? As specified in <a href="https://www.rfc-editor.org/rfc/rfc3986#section-2" rel="noopener noreferrer">RFC 3986 - URI Generic Syntax</a> (Berners Lee, et al. 2005) there are a set of rules and allowed characters making up a URI. here I will discuss the <strong><em>methods of validating a URI in JavaScript:</em></strong></p> <ul> <li>URL Constructor</li> <li>DOM Element</li> <li>RegEx</li> <li>Complete Method</li> </ul> <h2> URL Constructor <a></a> </h2> <p>The most simple and obvious method, try to create an instance of JavaScript's native URL object using the string.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://url-with-invalid-[chars].com/</span><span class="dl">'</span><span class="p">);</span> <span class="o">&gt;</span> <span class="nx">Uncaught</span> <span class="nx">TypeError</span><span class="p">:</span> <span class="nx">Failed</span> <span class="nx">to</span> <span class="nx">construct</span> <span class="dl">'</span><span class="s1">URL</span><span class="dl">'</span><span class="p">:</span> <span class="nx">Invalid</span> <span class="nx">URL</span> </code></pre> </div> <p>However if it is invalid it will throw an error. Generally throwing Errors as flow control is bad practice in most programming languages as it is a resource intensive operation. However as you will see later, this is not such an issue.</p> <p>Wrapping the constructor function in a try/catch it becomes more usable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">isUriValid</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="k">new</span> <span class="nc">URL </span><span class="p">(</span><span class="nx">string</span><span class="p">);</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Based on my tests this seems to take &lt; 0.2 ms to compute.</p> <h3> Pro's: </h3> <ul> <li>Simple &amp; easy to read / understand.</li> </ul> <h3> Con's: </h3> <ul> <li>Throwing Errors as flow control is bad practice.</li> <li>Does not throw if invalid characters are used (EG: <code>http://£*(){}.com/</code>).</li> </ul> <h2> DOM Element <a></a> </h2> <p>Improves on the previous method by natively returning true/false instead of throwing an error, but still has many of the same shortcomings. It works by taking advantage of the fact that the href of an element defaults to the window hostname if you try to manually set it to an invalid URL.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">isUriValid</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">a</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">a</span><span class="dl">'</span><span class="p">);</span> <span class="nx">a</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">invalid url</span><span class="dl">'</span><span class="p">;</span> <span class="k">return </span><span class="p">(</span><span class="nx">a</span><span class="p">.</span><span class="nx">host</span> <span class="o">&amp;&amp;</span> <span class="nx">a</span><span class="p">.</span><span class="nx">host</span> <span class="o">!=</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">host</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>In my tests this took 0.2 - 0.6 ms to complete.</p> <h3> Pro's: </h3> <ul> <li>No Error throwing.</li> </ul> <h3> Con's: </h3> <ul> <li>returns false if protocol is missing (EG: <code>https://</code> or <code>ftp://</code>).</li> <li>does not return false when invalid characters are used (EG: <code>http://*£){.com</code>).</li> </ul> <h2> RegEx <a></a> </h2> <p>Using a good old Regular Expression, all be it a rather lengthy one. The benefit of this method is that it can handle all characters, however I would not recommend it due to the fact that it is VERY slow for long URLs, and the compute time scales with the length of the string. It's worth noting that you could modify it to make it quicker if you only want to validate the hostname for example. Here is an example of one written by somebody else.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">isUriValid</span><span class="p">(</span><span class="nx">string</span><span class="p">)</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">re</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">RegExp</span><span class="p">(</span><span class="dl">'</span><span class="s1">^([a-z]*:</span><span class="se">\\</span><span class="s1">/</span><span class="se">\\</span><span class="s1">/)?</span><span class="dl">'</span><span class="o">+</span> <span class="c1">// protocol</span> <span class="dl">'</span><span class="s1">((([a-z</span><span class="se">\\</span><span class="s1">d]([a-z</span><span class="se">\\</span><span class="s1">d-]*[a-z</span><span class="se">\\</span><span class="s1">d])*)</span><span class="se">\\</span><span class="s1">.)+[a-z]{2,}|</span><span class="dl">'</span><span class="o">+</span> <span class="c1">// hostname</span> <span class="dl">'</span><span class="s1">((</span><span class="se">\\</span><span class="s1">d{1,3}</span><span class="se">\\</span><span class="s1">.){3}</span><span class="se">\\</span><span class="s1">d{1,3}))</span><span class="dl">'</span><span class="o">+</span> <span class="c1">// or ipv4 address</span> <span class="dl">'</span><span class="s1">(</span><span class="se">\\</span><span class="s1">:</span><span class="se">\\</span><span class="s1">d+)?(</span><span class="se">\\</span><span class="s1">/[-a-z</span><span class="se">\\</span><span class="s1">d%_.~+]*)*</span><span class="dl">'</span><span class="o">+</span> <span class="c1">// port and path</span> <span class="dl">'</span><span class="s1">(</span><span class="se">\\</span><span class="s1">?[;&amp;a-z</span><span class="se">\\</span><span class="s1">d%_.~+=-]*)?</span><span class="dl">'</span><span class="o">+</span> <span class="c1">// query string</span> <span class="dl">'</span><span class="s1">(</span><span class="se">\\</span><span class="s1">#[-a-z</span><span class="se">\\</span><span class="s1">d_]*)?$</span><span class="dl">'</span><span class="p">,</span><span class="dl">'</span><span class="s1">i</span><span class="dl">'</span> <span class="c1">// hash</span> <span class="p">);</span> <span class="k">return</span> <span class="nx">re</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">string</span><span class="p">);</span> </code></pre> </div> <p>In my tests this took 1100 - 1300 ms with a 30 character string.</p> <h3> Pro's: </h3> <ul> <li>Handles all domains and invalid characters.</li> <li>Flexibility to be modified for custom use cases.</li> </ul> <h3> Con's: </h3> <ul> <li>Hard to read.</li> <li>Very slow.</li> </ul> <h2> Conclusion </h2> <p>None of these methods are ideal in my opinion, but if I had to pick one I'd go for the URL class constructor, however this doesn't give you 100% validation as it doesn't check for some invalid characters.</p> <p>The best way to truly validate a URL is use a combination of the URL constructor with RegEx. Below I have detailed a function that should handle all possible URL cases.</p> <h2> Complete Method <a></a> </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">isUriValid</span><span class="p">(</span><span class="nx">url</span><span class="p">)</span> <span class="p">{</span> <span class="kd">let</span> <span class="nx">uri</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">uri</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URL</span><span class="p">(</span><span class="nx">url</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Validate the Protocol:</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="sr">/</span><span class="se">[</span><span class="sr">a-z</span><span class="se">]</span><span class="sr">+</span><span class="se">\:\/\/</span><span class="sr">$/</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">protocol</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Now Validate the Hostname:</span> <span class="k">if </span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">hostname</span> <span class="o">!==</span> <span class="dl">''</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="sr">/^</span><span class="se">[</span><span class="sr">a-zA-Z</span><span class="se">\d]</span><span class="sr">+</span><span class="se">[</span><span class="sr">a-zA-Z</span><span class="se">\d</span><span class="sr">-.@</span><span class="se">]</span><span class="sr">*</span><span class="se">[</span><span class="sr">a-zA-Z</span><span class="se">\d]</span><span class="sr">+$/</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">hostname</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// The Port:</span> <span class="k">if </span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">port</span><span class="o">!==</span> <span class="dl">''</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="sr">/^</span><span class="se">([</span><span class="sr">1-9</span><span class="se">][</span><span class="sr">0-9</span><span class="se">]{0,3}</span><span class="sr">|</span><span class="se">[</span><span class="sr">1-5</span><span class="se">][</span><span class="sr">0-9</span><span class="se">]{4}</span><span class="sr">|6</span><span class="se">[</span><span class="sr">0-4</span><span class="se">][</span><span class="sr">0-9</span><span class="se">]{3}</span><span class="sr">|65</span><span class="se">[</span><span class="sr">0-4</span><span class="se">][</span><span class="sr">0-9</span><span class="se">]{2}</span><span class="sr">|655</span><span class="se">[</span><span class="sr">0-2</span><span class="se">][</span><span class="sr">0-9</span><span class="se">]</span><span class="sr">|6553</span><span class="se">[</span><span class="sr">0-5</span><span class="se">])</span><span class="sr">$/</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">pathname</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Now the Path:</span> <span class="k">if </span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">pathname</span> <span class="o">!==</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="sr">/^</span><span class="se">\/[</span><span class="sr">-a-zA-Z</span><span class="se">\d</span><span class="sr">%_.~+</span><span class="se">]</span><span class="sr">+$/</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">pathname</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Search Parameters:</span> <span class="k">if </span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">search</span> <span class="o">!==</span> <span class="dl">''</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="sr">/^</span><span class="se">[</span><span class="sr">?;&amp;a-zA-Z</span><span class="se">\d</span><span class="sr">%_.~+=-</span><span class="se">]</span><span class="sr">+$/</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">pathname</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Lastly the URI Fragment:</span> <span class="k">if </span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">hash</span> <span class="o">!==</span> <span class="dl">''</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="sr">/^</span><span class="se">\#[</span><span class="sr">-a-z</span><span class="se">\d</span><span class="sr">_</span><span class="se">]</span><span class="sr">+$/</span><span class="p">.</span><span class="nf">test</span><span class="p">(</span><span class="nx">uri</span><span class="p">.</span><span class="nx">pathname</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>If you know of any other methods of validating URL's other than those stated above, please leave a comment on this post as I'd love to hear some other options.</p> devto announcement contributorswanted AWS S3 - SAA Cheat Sheet samconibear Mon, 14 Nov 2022 18:08:27 +0000 https://dev.to/samconibear/aws-s3-saa-cheat-sheet-53fd https://dev.to/samconibear/aws-s3-saa-cheat-sheet-53fd <p>This page contains information I have collated on Amazon S3. If you know the basics of S3 and how it is used, this cheat sheet should cover the specific areas that could come up in the Solutions Architect Associate exam.</p> <h3> Naming Convention </h3> <ul> <li>MUST BE: <ul> <li>Globally Unique</li> <li>3 -63 characters</li> <li>All lowercase</li> <li>No_underscore</li> <li>Not an IP-address</li> <li>Not start with <code>xn-</code> or end with <code>-s3alias</code> </li> </ul> </li> </ul> <h3> Security </h3> <ul> <li>An object can be accessed if allowed by IAM <strong>OR</strong> bucket policy / ACL</li> <li>Security can be controlled using: <ul> <li> <strong>IAM</strong> - <strong>always takes priority</strong>.</li> <li> <strong>Bucket Policy</strong> - can be cross account.</li> <li> <strong>Object ACL</strong> - fine grain control (can be disabled).</li> <li> <strong>Bucket ACL</strong> - less common (can be disabled).</li> </ul> </li> </ul> <h3> Encryption </h3> <ul> <li>You can force Encryption using <strong>Bucket policies</strong> or use S3 'default encryption'</li> <li>The types of encryption are: <ul> <li> <strong>SSE-S3</strong> - Key managed by aws.</li> <li> <strong>SSE-KMS</strong> - Key controlled by user within aws.</li> <li> <strong>SSE-C</strong> - Key fully controlled by user (not stored in aws).</li> <li> <strong>Client-Side-Encryption</strong> - Self explanatory.</li> </ul> </li> </ul> <h3> Replication </h3> <ul> <li> <strong>Versioning must be enabled for replication</strong>.</li> <li>There are 2 types: <ol> <li>CRR (Cross Region Replication)</li> <li>SRR (Same Region Replication) </li> </ol> </li> <li>Only new objects will be replicated after replication is enabled.</li> <li>For old objects, use <strong>S3 BATCH REPLICATION</strong>.</li> </ul> <h3> Storage Classes </h3> <p>It is possible to move an object to any storage class below it in this table:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ______________________________________________________ | NAME | RETRIVAL FEE | MINIMUM DURATION | |____________________|______________|__________________| |S3 Standard | None | None | |Infrequent Access | per GB | 30 days | |Intelligent Tiering | None | None | |One Zone IA | per GB | 90 days | |Glacier Instant | per GB | 90 days | |Glacier Flexible | per GB | 90 days | |Deep Archive | per GB | 180 days | </code></pre> </div> <h3> Lifecycle Rules </h3> <ul> <li>Used to automate the moving of objects.</li> <li>Types: <ul> <li> <strong>Transition action</strong>: Move tier after a certain time.</li> <li> <strong>Expiration action</strong>: Delete after time / old version / incomplete multi-part upload.</li> </ul> </li> </ul> <h3> Versioning </h3> <ul> <li>Enabling versioning on a bucket with existing items will give them the version number: null.</li> </ul> <h3> Multi Part Upload </h3> <ul> <li>Required for files over 5GB.</li> <li>Recommended for files over 100MB. </li> </ul> <h3> S3 Event Notifications </h3> <ul> <li>Integrate S3 events with: <strong>SNS, SQS, Lambda, Event Bridge</strong> </li> </ul> <h3> CORS (Cross Origin Resource Sharing) </h3> <ul> <li>If accessing an S3 bucket from another origin, you need to allow <code>Access-Control-Allow-Origin</code> in the bucket policy for that or all origins.</li> </ul> <h3> Requester Pays Buckets </h3> <ul> <li>The requester of the data pays for the networking cost of downloading the object instead of the bucket owner.</li> <li>As a result the requester cannot be anonymous.</li> </ul> <h3> Transfer Acceleration </h3> <ul> <li>Transfer to S3 via edge location to utilise speed of private AWS network.</li> </ul> <h3> Byte Range Fetch </h3> <ul> <li>Retrieve a specific no. of bytes.</li> <li>Multiple fetch can be done in parallel.</li> </ul> <h3> S3 Select </h3> <ul> <li>Use SQL to filter S3.</li> </ul> <h3> S3 Batch </h3> <ul> <li>Perform bulk operations with a single request.</li> </ul> <h3> Pre Signed URLs </h3> <ul> <li>The user that receives the URL inherits the permissions of the user who generated it.</li> </ul> <h3> S3 Vault Lock </h3> <ul> <li>Block object version from deleting.</li> <li>Must set a fixed period.</li> <li>Versioning must be enabled.</li> <li>Retention Modes: <ul> <li> <strong>Compliance</strong> - No Admins</li> <li> <strong>Governance</strong> - Admins</li> <li> <strong>Legal Hold</strong> - Protect indefinitely - Admins</li> </ul> </li> </ul> <h3> Glacier Vault Lock </h3> <ul> <li>The object can never be deleted.</li> <li>WORM - Write Once Read Many.</li> </ul> <h3> S3 Access Points </h3> <ul> <li>Manage permissions through "access points" which can be assigned to multiple user groups.</li> </ul> <h3> S3 Object Lambda </h3> <ul> <li>Modify data requested by S3 via a <strong>Access Point</strong>.</li> <li>Can use data from AWS managed databases.</li> </ul> aws Useful Git Commands samconibear Wed, 25 May 2022 20:06:46 +0000 https://dev.to/samconibear/useful-git-commands-gf6 https://dev.to/samconibear/useful-git-commands-gf6 <p>Git is a fantastic technology that not only provides historical tracking of source code throughout development, but also enables multiple developers to work on the same project without stepping on each others feet. </p> <p>I wanted to create a sort of <em>cheat sheet</em> for git commands that I find myself using often. I will continue to update this post as I discover other handy git commands.</p> <h1> Starter Git Commands: </h1> <h4> 1. Create and checkout a new branch </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git checkout <span class="nt">-b</span> &lt;branch&gt; </code></pre> </div> <h4> 2. Discard changes to a file. </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git checkout <span class="nt">--</span> &lt;file&gt; </code></pre> </div> <h4> 3. Rename a local branch </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git branch <span class="nt">-m</span> &lt;oldName&gt; &lt;newName&gt; </code></pre> </div> <h4> 4. Merge a specified branch into the currently checked out branch. </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git merge &lt;branch&gt; </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F38p9t5vbj0wb7oux40eu.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F38p9t5vbj0wb7oux40eu.gif" alt="GIT MERGE" width="600" height="335"></a></p> <h1> More Git Commands: </h1> <h4> 1. Stage all changes </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git add <span class="nt">-A</span> </code></pre> </div> <p>stage all new, modified or removed files to the working tree. Note this is different to <code>git add .</code> which only stages new and existing files.<br> <br></p> <h4> 2. Review all changes </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git diff HEAD </code></pre> </div> <p>The same as <code>git diff</code> but reviews all changes rather than just those unstaged.<br> <br></p> <h4> 3. Remove a file from the repo but keep it in your project directory </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git <span class="nb">rm</span> <span class="nt">--cached</span> &lt;filename&gt; </code></pre> </div> <p>Very useful when you have files you don't want tracked that you forgot to specify in <code>.gitignore</code> that have previously committed. After adding them to .gitignore run this command to ensure they are removed from the repo without deleting them from your local project directory.<br> <br></p> <h4> 4. Reset all local files to the last commit </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git reset <span class="nt">--hard</span> </code></pre> </div> <h6> <em><strong>DANGER</strong> - exercise caution when using this command as it has the potential to throw away hours of work.</em> </h6> <p>I often find I have uncommitted changes in a branch I've been messing around in (whitespace, print statements) git doesn't let you checkout another branch with uncommitted changes so this is a quick way to reset your project directory to the HEAD.<br> <br></p> <h4> 5. Undo the last commit </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git reset <span class="nt">--hard</span> HEAD^ </code></pre> </div> <h6> <em><strong>DANGER</strong> - Can also cause unintentional loss of work.</em> </h6> <p>We've all made commits we immediately regret... Use this command to destroy the changes from the last commit.<br> <br></p> <h4> 6. Modify the previous commit </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git commit <span class="nt">--amend</span> <span class="nt">-m</span> &lt;newMsg&gt; </code></pre> </div> <p>Adding the <code>-m</code> option allows you modify the previous commit message. You can also stage new changes to the commit and the previous commit will inherit them.<br> <br></p> <h4> 7. Remove all branches that no longer exist on remote </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git branch <span class="nt">--merged</span> | egrep <span class="nt">-v</span> <span class="s2">"(^</span><span class="se">\*</span><span class="s2">|master|main|&lt;branchToSave&gt;)"</span> | xargs git branch <span class="nt">-d</span> </code></pre> </div> <h6> <em><strong>DANGER</strong> - this will delete any newly created branches that have not yet been pushed to the remote repo. be sure to specify special cases as in <code>&lt;branchToSave&gt;</code>.</em> </h6> <p>This can be used to clean up your local repository if you have lots of old branches that have since been merged. If you want to learn how this works see <a href="https://stackoverflow.com/questions/6127328/how-can-i-delete-all-git-branches-which-have-been-merged?page=1&amp;tab=scoredesc#tab-top" rel="noopener noreferrer">this great stack overflow post</a>.<br> <br></p> <h4> 8. Cache git credentials for a set amount of time </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git config credential.helper <span class="s1">'cache --timeout 28800'</span> <span class="c"># 8hrs</span> </code></pre> </div> <p>This saves you entering your git user/password every time you want to push/pull<br> The <code>--global</code> flag can be added to do this across all repositories.<br> <br></p> <h4> 9. Remove a committed file from a branch / PR </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git checkout &lt;main_branch&gt; <span class="nt">--</span> &lt;path_to_file&gt; </code></pre> </div> <h4> 10. Delete a number of previous pushed commits </h4> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git reset <span class="nt">--hard</span> &lt;sha-id-of-last-good-commit&gt; git push origin HEAD <span class="nt">--force</span> </code></pre> </div> git tutorial programming