Skip to content

Python.for.infrastructure.interview.one.screen

Python for infra interviews - one screen

MENTAL MODEL
- Bash = text-stream glue
- Python = structured logic + data
- Switch when script stops being glue and starts being application logic

WHEN TO USE PYTHON
- JSON/YAML/TOML/CSV parsing
- APIs, auth, retries, validation
- reusable functions, tests, logging
- fan-out across many hosts/resources
- anything > ~100 lines or with real branching/recovery

CORE THINGS TO SAY
- prefer pathlib over string path hacks
- prefer native Python over subprocess abuse
- use exceptions, not exit-code soup
- use dict/list/set/Counter/defaultdict instead of Bash gymnastics
- use type hints + dataclasses when data shape matters

SAFE DEFAULTS
- use venvs
- outside venv: python3; inside venv: python
- always set timeouts on HTTP calls
- verify TLS certs and SSH host keys
- avoid hard-coded secrets
- use structured logging
- write files atomically for config/state

SUBPROCESS
- subprocess.run([...], check=True, text=True, capture_output=True)
- pass args as a list, not a shell string
- shell=False by default
- use shlex only when parsing shell-like text, not as a lifestyle

FILES / CONFIG
- pathlib.Path for paths
- tempfile + os.replace/Path.replace for atomic writes
- know json, yaml, tomllib, csv, configparser
- config precedence: defaults < config file < env vars < CLI flags

HTTP / APIs
- requests.Session() for connection reuse
- timeout=(connect, read)
- response.raise_for_status()
- retries only for idempotent operations by default
- add backoff/jitter; log failures with context

AWS / SSH / TEMPLATES
- boto3 uses credential provider chain; prefer roles/profiles over static creds
- Paramiko: reject unknown host keys in prod
- Jinja2 for config/template generation, but validate rendered output

CONCURRENCY
- threads for I/O-bound work
- processes for CPU-bound work
- ThreadPoolExecutor is usually enough for fleet/API fan-out
- cap concurrency; don't DDoS your own infra

KUBERNETES
- use official client carefully
- avoid blind cluster-wide list calls at scale
- filter by namespace/label/field selector where possible

TESTING
- pytest
- tmp_path for filesystem tests
- monkeypatch env vars/config
- mock HTTP/subprocess boundaries
- dry-run mode is interview gold

FOOTGUNS
- mutable default args
- broad except Exception with no context
- shell=True
- logging secrets
- disabling cert validation
- infinite retries
- global state
- parsing JSON with grep because apparently chaos needed a mascot

30-SECOND INTERVIEW ANSWER
- "I use Bash for thin glue and Python when I need data structures, APIs, retries, testing, or maintainable logic.
  My defaults are pathlib, requests with timeouts, subprocess without shell=True, structured logging, atomic writes,
  pytest, and ThreadPoolExecutor for I/O-bound fan-out. I prefer secure defaults, config precedence, and dry-run support."

LIBS TO NAME
- stdlib: pathlib, subprocess, json, csv, tomllib, configparser, logging, argparse, concurrent.futures
- common: requests, boto3, paramiko, jinja2, pyyaml, pytest

Best interview angle

Frame Python as operator-grade automation, not "I know syntax." That lands better. Syntax is cheap. Judgment is the actual product.