Add app var for init scripts location to access certs install
parent
01c23be9d6
commit
bd54eacbad
8 changed files with 25 additions and 15 deletions
1
app.py
1
app.py
|
@ -62,6 +62,7 @@ OVERRIDE_CONFIG_PY_FILENAME = os.path.join(CONF_DIR, 'stack/config.py')
|
|||
OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'
|
||||
|
||||
DOCKER_V2_SIGNINGKEY_FILENAME = 'docker_v2.pem'
|
||||
INIT_SCRIPTS_LOCATION = '/conf/init/'
|
||||
|
||||
app = Flask(__name__)
|
||||
logger = logging.getLogger(__name__)
|
||||
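Review bot: `INIT_SCRIPTS_LOCATION` is added without a comment, although its value decides which `certs_install.sh` the superuser certificate handler executes (the `os.system` call in the `SuperUserCustomCertificate` hunk further down). I would add above it: `# Directory of init scripts that API handlers execute (certs_install.sh); must not be writable by the registry process.` That records why the path matters and what has to hold for the directory in the image.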
|
|
|
@ -16,6 +16,7 @@ app = Flask(__name__)
|
|||
logger = logging.getLogger(__name__)
|
||||
|
||||
OVERRIDE_CONFIG_DIRECTORY = os.path.join(ROOT_DIR, 'config_app/conf/stack')
|
||||
INIT_SCRIPTS_LOCATION = '/quay-registry/config_app/init/'
|
||||
|
||||
is_testing = 'TEST' in os.environ
|
||||
|
||||
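Review bot: The new constant hard-codes `/quay-registry/config_app/init/` while the line directly above builds `OVERRIDE_CONFIG_DIRECTORY` from `ROOT_DIR`, so the two can drift apart if the install root changes. Assuming `ROOT_DIR` is the `/quay-registry` root (its definition is outside the hunk), `INIT_SCRIPTS_LOCATION = os.path.join(ROOT_DIR, 'config_app/init/')` keeps them in step.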
|
|
|
@ -4,7 +4,8 @@ from flask import abort, request
|
|||
|
||||
from config_app.config_endpoints.api.suconfig_models_pre_oci import pre_oci_model as model
|
||||
from config_app.config_endpoints.api import resource, ApiResource, nickname, validate_json_request
|
||||
from config_app.c_app import app, config_provider, superusers, OVERRIDE_CONFIG_DIRECTORY, ip_resolver, instance_keys
|
||||
from config_app.c_app import (app, config_provider, superusers, OVERRIDE_CONFIG_DIRECTORY,
|
||||
ip_resolver, instance_keys, INIT_SCRIPTS_LOCATION)
|
||||
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from data.users import get_federated_service_name, get_users_handler
|
||||
|
@ -275,7 +276,8 @@ class SuperUserConfigValidate(ApiResource):
|
|||
validator_context = ValidatorContext.from_app(app, config, request.get_json().get('password', ''),
|
||||
instance_keys=instance_keys,
|
||||
ip_resolver=ip_resolver,
|
||||
config_provider=config_provider)
|
||||
config_provider=config_provider,
|
||||
init_scripts_location=INIT_SCRIPTS_LOCATION)
|
||||
|
||||
return validate_service_for_config(service, validator_context)
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ from config_app.config_endpoints.exception import InvalidRequest
|
|||
from config_app.config_endpoints.api import resource, ApiResource, nickname
|
||||
from config_app.config_endpoints.api.superuser_models_pre_oci import pre_oci_model
|
||||
from config_app.config_util.ssl import load_certificate, CertInvalidException
|
||||
from config_app.c_app import app, config_provider
|
||||
from config_app.c_app import config_provider, INIT_SCRIPTS_LOCATION
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
@ -51,7 +51,7 @@ class SuperUserCustomCertificate(ApiResource):
|
|||
|
||||
# TODO(QUAY-991): properly install the custom certs provided by user
|
||||
# Call the update script with config dir location to install the certificate immediately.
|
||||
if subprocess.call(['/quay-registry/config_app/init/certs_install.sh'],
|
||||
if subprocess.call([os.path.join(INIT_SCRIPTS_LOCATION, 'certs_install.sh')],
|
||||
env={ 'QUAYCONF': config_provider.get_config_dir_path() }) != 0:
|
||||
raise Exception('Could not install certificates')
|
||||
|
||||
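Review bot: The import rewrite drops `app` from the `config_app.c_app` import, and the call now uses `os.path.join`; neither change can be verified from these two hunks. If code elsewhere in the module still references `app`, or `os` is not imported above line 11, the handler fails with a NameError only when a certificate is uploaded. Please confirm both, or add `import os` next to the other imports. The method containing the `subprocess.call` starts and ends outside the hunk.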
|
|
|
@ -8,7 +8,7 @@ import subprocess
|
|||
from flask import abort
|
||||
|
||||
from app import (app, config_provider, superusers, OVERRIDE_CONFIG_DIRECTORY, ip_resolver,
|
||||
instance_keys)
|
||||
instance_keys, INIT_SCRIPTS_LOCATION)
|
||||
from auth.permissions import SuperUserPermission
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from data.database import configure
|
||||
|
@ -410,7 +410,8 @@ class SuperUserConfigValidate(ApiResource):
|
|||
request.get_json().get('password', ''),
|
||||
instance_keys=instance_keys,
|
||||
ip_resolver=ip_resolver,
|
||||
config_provider=config_provider)
|
||||
config_provider=config_provider,
|
||||
init_scripts_location=INIT_SCRIPTS_LOCATION)
|
||||
|
||||
return validate_service_for_config(service, validator_context)
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ from flask import request, make_response, jsonify
|
|||
|
||||
import features
|
||||
|
||||
from app import app, avatar, superusers, authentication, config_provider
|
||||
from app import app, avatar, superusers, authentication, config_provider, INIT_SCRIPTS_LOCATION
|
||||
from auth import scopes
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth.permissions import SuperUserPermission
|
||||
|
@ -950,7 +950,7 @@ class SuperUserCustomCertificate(ApiResource):
|
|||
# Call the update script to install the certificate immediately.
|
||||
if not app.config['TESTING']:
|
||||
logger.debug('Calling certs_install.sh')
|
||||
if os.system('/conf/init/certs_install.sh') != 0:
|
||||
if os.system(os.path.join(INIT_SCRIPTS_LOCATION, 'certs_install.sh')) != 0:
|
||||
raise Exception('Could not install certificates')
|
||||
|
||||
logger.debug('certs_install.sh completed')
|
||||
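Review bot: The rewritten call in `SuperUserCustomCertificate` still goes through `os.system`, which hands the joined path to a shell, while the config app's handler for the same script uses the list form of `subprocess.call`. The path is a module constant today, so nothing untrusted reaches the shell. The list form would remove shell parsing entirely and keep the two handlers alike: `if subprocess.call([os.path.join(INIT_SCRIPTS_LOCATION, 'certs_install.sh')]) != 0:`. That needs `subprocess` imported in this module, which the visible import hunk does not show. The enclosing method begins outside the hunk.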
|
|
|
@ -102,7 +102,8 @@ class ValidatorContext(object):
|
|||
def __init__(self, config, user_password=None, http_client=None, context=None,
|
||||
url_scheme_and_hostname=None, jwt_auth_max=None, registry_title=None,
|
||||
ip_resolver=None, feature_sec_scanner=False, is_testing=False,
|
||||
uri_creator=None, config_provider=None, instance_keys=None):
|
||||
uri_creator=None, config_provider=None, instance_keys=None,
|
||||
init_scripts_location=None):
|
||||
self.config = config
|
||||
self.user = get_authenticated_user()
|
||||
self.user_password = user_password
|
||||
|
@ -117,10 +118,11 @@ class ValidatorContext(object):
|
|||
self.uri_creator = uri_creator
|
||||
self.config_provider = config_provider
|
||||
self.instance_keys = instance_keys
|
||||
self.init_scripts_location = init_scripts_location
|
||||
|
||||
@classmethod
|
||||
def from_app(cls, app, config, user_password, ip_resolver, instance_keys, client=None,
|
||||
config_provider=None):
|
||||
config_provider=None, init_scripts_location=None):
|
||||
"""
|
||||
Creates a ValidatorContext from an app config, with a given config to validate
|
||||
:param app: the Flask app to pull configuration information from
|
||||
|
@ -128,9 +130,10 @@ class ValidatorContext(object):
|
|||
:param user_password: request password
|
||||
:param instance_keys: The instance keys handler
|
||||
:param ip_resolver: an App
|
||||
:param client:
|
||||
:param config_provider:
|
||||
:return:
|
||||
:param client: http client used to connect to services
|
||||
:param config_provider: config provider used to access config volume(s)
|
||||
:param init_scripts_location: location where initial load scripts are stored
|
||||
:return: ValidatorContext
|
||||
"""
|
||||
url_scheme_and_hostname = URLSchemeAndHostname.from_app_config(app.config)
|
||||
|
||||
|
@ -146,4 +149,5 @@ class ValidatorContext(object):
|
|||
is_testing=app.config.get('TESTING', False),
|
||||
uri_creator=get_blob_download_uri_getter(app.test_request_context('/'), url_scheme_and_hostname),
|
||||
config_provider=config_provider,
|
||||
instance_keys=instance_keys)
|
||||
instance_keys=instance_keys,
|
||||
init_scripts_location=init_scripts_location)
|
||||
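Review bot: `init_scripts_location` defaults to `None` in both `__init__` and `from_app`, but the `LDAPValidator` hunk passes it straight to `os.path.join(init_scripts_location, 'certs_install.sh')`. A caller that builds a `ValidatorContext` without the new argument will fail there with an unrelated exception from `os.path.join` rather than a validation message, and only when a custom LDAP certificate is present. Either make the argument required in `from_app`, or guard the use before the `check_call`, e.g. `if init_scripts_location is None: raise Exception('init_scripts_location is not set')`.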
|
|
|
@ -16,13 +16,14 @@ class LDAPValidator(BaseValidator):
|
|||
user = validator_context.user
|
||||
user_password = validator_context.user_password
|
||||
config_provider = validator_context.config_provider
|
||||
init_scripts_location = validator_context.init_scripts_location
|
||||
|
||||
if config.get('AUTHENTICATION_TYPE', 'Database') != 'LDAP':
|
||||
return
|
||||
|
||||
# If there is a custom LDAP certificate, then reinstall the certificates for the container.
|
||||
if config_provider.volume_file_exists(LDAP_CERT_FILENAME):
|
||||
subprocess.check_call([os.path.join(config_provider.get_config_root(), '../init/certs_install.sh')])
|
||||
subprocess.check_call([os.path.join(init_scripts_location, 'certs_install.sh')])
|
||||
|
||||
# Note: raises ldap.INVALID_CREDENTIALS on failure
|
||||
admin_dn = config.get('LDAP_ADMIN_DN')
|
||||
|
|