platform-core

Shared platform Python library (AWS/Cloudflare/Kubernetes/Vault utilities + core helpers).

Note

This README is written in an “open-source style” so it’s easy to onboard and reuse across multiple projects.

Table of Contents

• What this is
• Scope and non-goals
• Installation
• Quickstart
• Modules
• Development
• Contributing
• Security
• License

What this is

platform-core is a small Python library intended to reduce copy/paste across internal tooling by providing:

• AWS helpers (client config, common patterns)
• Cloudflare helpers (API session, pagination, retries/backoff)
• Vault helpers (KV v2 read/write with timeouts)
• Kubernetes helpers (optional client initialization)
• Core utilities (logging + small helpers)

Scope and non-goals

• In scope
  • Minimal, dependency-light helpers with sane defaults (timeouts, retries)
  • Code that is reusable across multiple repos and teams
  • Prefer explicit, boring interfaces over “framework magic”
• Non-goals
  • Product/business logic
  • Infrastructure-as-code (Terraform/CloudFormation) tooling (unless/ until it actually lives here)
  • A grab-bag of unrelated helpers

Installation

Python: 3.14+

Tip

For local development, use editable installs so you can iterate quickly.

python3 -m pip install -U pip
python3 -m pip install -e .

Optional extras:

# Kubernetes client helpers
python3 -m pip install -e ".[kubernetes]"

Quickstart

AWS

from platform_core.aws import AWSUtils

aws = AWSUtils()
sts = aws.create_boto3_client("sts", "us-east-1")
print(sts.get_caller_identity()["Account"])

Cloudflare API

import os

from platform_core.cloudflare import cloudflare_api_session

with cloudflare_api_session(os.environ["CLOUDFLARE_API_TOKEN"]) as api:
    zones = api.make_api_request("GET", "/zones")
    print(zones)

Vault (KV v2)

import os

from platform_core.vault import VaultClient

client = VaultClient(vault_addr=os.environ["VAULT_ADDR"])
data = client.read_credentials(secrets_engine="secret", secret_path="team/app/credentials")
print(data)

Kubernetes (optional)

from platform_core.kubernetes import create_api_client

api_client = create_api_client()

# Requires: python3 -m pip install -e ".[kubernetes]"
from kubernetes import client as k8s_client

v1 = k8s_client.CoreV1Api(api_client)
print([ns.metadata.name for ns in v1.list_namespace().items])

Modules

• platform_core.utils
  • Core helpers (logging, JSON, env, string utilities)
• platform_core.aws
  • AWSUtils and helper managers (DynamoDB/SQS)
• platform_core.cloudflare
  • CloudflareAPI + cloudflare_api_session
  • Bounded retries for transient errors (429/5xx/408) with backoff
• platform_core.vault
  • VaultClient for KV v2 secret read/write with HTTP timeouts
• platform_core.kubernetes
  • create_api_client() (in-cluster config, else kubeconfig)

Development

python3 -m pip install pre-commit
pre-commit install

# Update hook versions
pre-commit autoupdate

# Run checks
pre-commit run --all-files

CI runs the same checks on every PR/push via GitHub Actions.

Contributing

See .github/CONTRIBUTING.md.

Security

• Do not commit secrets (tokens, keys, credentials)
• ggshield runs on pre-push (set GITGUARDIAN_API_KEY to enable)
• Prefer least privilege for AWS and Cloudflare tokens

License

See LICENSE.md.

• src/platform_core/utils.py: logging + core helpers
• src/platform_core/aws.py: AWS helpers
• src/platform_core/cloudflare.py: Cloudflare API helpers
• src/platform_core/vault.py: Vault helpers