vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Install certs locally in config app to validate

Browse source
This commit is contained in:
Sam Chow 2018-07-09 16:32:41 -04:00
parent 6dc2cd3691
commit 01c23be9d6
2 changed files with 48 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
config_app/config_endpoints/api/superuser.py
View file

@ -1,6 +1,7 @@
import logging import logging
import pathvalidate import pathvalidate
import os import os
import subprocess
from flask import request, jsonify from flask import request, jsonify
@ -49,13 +50,10 @@ class SuperUserCustomCertificate(ApiResource):
return '', 204 return '', 204
# TODO(QUAY-991): properly install the custom certs provided by user # TODO(QUAY-991): properly install the custom certs provided by user
# Call the update script to install the certificate immediately. # Call the update script with config dir location to install the certificate immediately.
# if not app.config['TESTING']: if subprocess.call(['/quay-registry/config_app/init/certs_install.sh'],
# logger.debug('Calling certs_install.sh') env={ 'QUAYCONF': config_provider.get_config_dir_path() }) != 0:
# if os.system('/conf/init/certs_install.sh') != 0: raise Exception('Could not install certificates')
# raise Exception('Could not install certificates')
#
# logger.debug('certs_install.sh completed')
return '', 204 return '', 204

43
config_app/init/certs_install.sh Executable file
View file

@ -0,0 +1,43 @@
#! /bin/bash
set -e
QUAYPATH=${QUAYPATH:-"."}
QUAYCONF=${QUAYCONF:-"$QUAYPATH/conf/stack"}
cd ${QUAYDIR:-"/quay-registry"}
pwd
# Add the custom LDAP certificate
if [ -e $QUAYCONF/ldap.crt ]
then
cp $QUAYCONF/ldap.crt /usr/local/share/ca-certificates/ldap.crt
fi
# Add extra trusted certificates (as a directory)
if [ -d $QUAYCONF/extra_ca_certs ]; then
if test "$(ls -A "$QUAYCONF/extra_ca_certs")"; then
echo "Installing extra certificates found in $QUAYCONF/extra_ca_certs directory"
cp $QUAYCONF/extra_ca_certs/* /usr/local/share/ca-certificates/
cat $QUAYCONF/extra_ca_certs/* >> venv/lib/python2.7/site-packages/requests/cacert.pem
cat $QUAYCONF/extra_ca_certs/* >> venv/lib/python2.7/site-packages/certifi/cacert.pem
fi
fi
# Add extra trusted certificates (as a file)
if [ -f $QUAYCONF/extra_ca_certs ]; then
echo "Installing extra certificates found in $QUAYCONF/extra_ca_certs file"
csplit -z -f /usr/local/share/ca-certificates/extra-ca- $QUAYCONF/extra_ca_certs '/-----BEGIN CERTIFICATE-----/' '{*}'
cat $QUAYCONF/extra_ca_certs >> venv/lib/python2.7/site-packages/requests/cacert.pem
cat $QUAYCONF/extra_ca_certs >> venv/lib/python2.7/site-packages/certifi/cacert.pem
fi
# Add extra trusted certificates (prefixed)
for f in $(find $QUAYCONF/ -maxdepth 1 -type f -name "extra_ca*")
do
echo "Installing extra cert $f"
cp "$f" /usr/local/share/ca-certificates/
cat "$f" >> venv/lib/python2.7/site-packages/requests/cacert.pem
cat "$f" >> venv/lib/python2.7/site-packages/certifi/cacert.pem
done
# Update all CA certificates.
update-ca-certificates