From bd54eacbad2e767f1f9882542ece50fadc0c6e85 Mon Sep 17 00:00:00 2001 From: Sam Chow Date: Tue, 10 Jul 2018 11:43:34 -0400 Subject: [PATCH] Add app var for init scripts location to access certs install --- app.py | 1 + config_app/c_app.py | 1 + config_app/config_endpoints/api/suconfig.py | 6 ++++-- config_app/config_endpoints/api/superuser.py | 4 ++-- endpoints/api/suconfig.py | 5 +++-- endpoints/api/superuser.py | 4 ++-- util/config/validator.py | 16 ++++++++++------ util/config/validators/validate_ldap.py | 3 ++- 8 files changed, 25 insertions(+), 15 deletions(-) diff --git a/app.py b/app.py index 7845b43fd..bf4ae4fe0 100644 --- a/app.py +++ b/app.py @@ -62,6 +62,7 @@ OVERRIDE_CONFIG_PY_FILENAME = os.path.join(CONF_DIR, 'stack/config.py') OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG' DOCKER_V2_SIGNINGKEY_FILENAME = 'docker_v2.pem' +INIT_SCRIPTS_LOCATION = '/conf/init/' app = Flask(__name__) logger = logging.getLogger(__name__) diff --git a/config_app/c_app.py b/config_app/c_app.py index ea118d3b5..8e116a3cb 100644 --- a/config_app/c_app.py +++ b/config_app/c_app.py @@ -16,6 +16,7 @@ app = Flask(__name__) logger = logging.getLogger(__name__) OVERRIDE_CONFIG_DIRECTORY = os.path.join(ROOT_DIR, 'config_app/conf/stack') +INIT_SCRIPTS_LOCATION = '/quay-registry/config_app/init/' is_testing = 'TEST' in os.environ diff --git a/config_app/config_endpoints/api/suconfig.py b/config_app/config_endpoints/api/suconfig.py index 9e17701ab..6bae4b89b 100644 --- a/config_app/config_endpoints/api/suconfig.py +++ b/config_app/config_endpoints/api/suconfig.py 
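Review bot: Both new `INIT_SCRIPTS_LOCATION` constants (app.py and config_app/c_app.py) are absolute string literals, while the constants directly above them are built from `CONF_DIR` and `ROOT_DIR`, so a deployment that relocates either directory would still run `certs_install.sh` from the old fixed path. If `ROOT_DIR` resolves to `/quay-registry` in the config app (not visible here), `INIT_SCRIPTS_LOCATION = os.path.join(ROOT_DIR, 'config_app/init/')` would keep the two in step. Every caller in this patch executes a script from this directory, so a comment such as `# Directory of init scripts executed by the API (certs_install.sh); must not be writable by untrusted users` would record the trust assumption next to the value.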
@@ -4,7 +4,8 @@ from flask import abort, request from config_app.config_endpoints.api.suconfig_models_pre_oci import pre_oci_model as model from config_app.config_endpoints.api import resource, ApiResource, nickname, validate_json_request -from config_app.c_app import app, config_provider, superusers, OVERRIDE_CONFIG_DIRECTORY, ip_resolver, instance_keys +from config_app.c_app import (app, config_provider, superusers, OVERRIDE_CONFIG_DIRECTORY, + ip_resolver, instance_keys, INIT_SCRIPTS_LOCATION) from auth.auth_context import get_authenticated_user from data.users import get_federated_service_name, get_users_handler @@ -275,7 +276,8 @@ class SuperUserConfigValidate(ApiResource): validator_context = ValidatorContext.from_app(app, config, request.get_json().get('password', ''), instance_keys=instance_keys, ip_resolver=ip_resolver, - config_provider=config_provider) + config_provider=config_provider, + init_scripts_location=INIT_SCRIPTS_LOCATION) return validate_service_for_config(service, validator_context) diff --git a/config_app/config_endpoints/api/superuser.py b/config_app/config_endpoints/api/superuser.py index 71cf33e47..a0848fb93 100644 --- a/config_app/config_endpoints/api/superuser.py +++ b/config_app/config_endpoints/api/superuser.py @@ -11,7 +11,7 @@ from config_app.config_endpoints.exception import InvalidRequest from config_app.config_endpoints.api import resource, ApiResource, nickname from config_app.config_endpoints.api.superuser_models_pre_oci import pre_oci_model from config_app.config_util.ssl import load_certificate, CertInvalidException -from config_app.c_app import app, config_provider +from config_app.c_app import config_provider, INIT_SCRIPTS_LOCATION logger = logging.getLogger(__name__) 
@@ -51,7 +51,7 @@ class SuperUserCustomCertificate(ApiResource): # TODO(QUAY-991): properly install the custom certs provided by user # Call the update script with config dir location to install the certificate immediately. - if subprocess.call(['/quay-registry/config_app/init/certs_install.sh'], + if subprocess.call([os.path.join(INIT_SCRIPTS_LOCATION, 'certs_install.sh')], env={ 'QUAYCONF': config_provider.get_config_dir_path() }) != 0: raise Exception('Could not install certificates') diff --git a/endpoints/api/suconfig.py b/endpoints/api/suconfig.py index 77954c6ae..bceeb3e43 100644 --- a/endpoints/api/suconfig.py +++ b/endpoints/api/suconfig.py @@ -8,7 +8,7 @@ import subprocess from flask import abort from app import (app, config_provider, superusers, OVERRIDE_CONFIG_DIRECTORY, ip_resolver, - instance_keys) + instance_keys, INIT_SCRIPTS_LOCATION) from auth.permissions import SuperUserPermission from auth.auth_context import get_authenticated_user from data.database import configure @@ -410,7 +410,8 @@ class SuperUserConfigValidate(ApiResource): request.get_json().get('password', ''), instance_keys=instance_keys, ip_resolver=ip_resolver, - config_provider=config_provider) + config_provider=config_provider, + init_scripts_location=INIT_SCRIPTS_LOCATION) return validate_service_for_config(service, validator_context) diff --git a/endpoints/api/superuser.py b/endpoints/api/superuser.py index ee0b039d8..1efb49547 100644 --- a/endpoints/api/superuser.py +++ b/endpoints/api/superuser.py @@ -13,7 +13,7 @@ from flask import request, make_response, jsonify import features -from app import app, avatar, superusers, authentication, config_provider +from app import app, avatar, superusers, authentication, config_provider, INIT_SCRIPTS_LOCATION from auth import scopes from auth.auth_context import get_authenticated_user from auth.permissions import SuperUserPermission 
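Review bot: The new `subprocess.call` line in config_app/config_endpoints/api/superuser.py uses `os.path.join`, but the only import change shown for this file (the `-11,7` hunk) touches the `config_app.c_app` import and no `import os` is visible. If the module does not already import `os`, the certificate upload fails with a NameError at request time rather than at startup. That earlier hunk also drops `app` from the import, so any remaining reference to `app` in the module would break the same way. Both depend on lines outside the visible hunks and are worth confirming; the enclosing method starts and ends outside this hunk.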
@@ -950,7 +950,7 @@ class SuperUserCustomCertificate(ApiResource): # Call the update script to install the certificate immediately. if not app.config['TESTING']: logger.debug('Calling certs_install.sh') - if os.system('/conf/init/certs_install.sh') != 0: + if os.system(os.path.join(INIT_SCRIPTS_LOCATION, 'certs_install.sh')) != 0: raise Exception('Could not install certificates') logger.debug('certs_install.sh completed') diff --git a/util/config/validator.py b/util/config/validator.py index a0924c9e2..54f23938d 100644 --- a/util/config/validator.py +++ b/util/config/validator.py @@ -102,7 +102,8 @@ class ValidatorContext(object): def __init__(self, config, user_password=None, http_client=None, context=None, url_scheme_and_hostname=None, jwt_auth_max=None, registry_title=None, ip_resolver=None, feature_sec_scanner=False, is_testing=False, - uri_creator=None, config_provider=None, instance_keys=None): + uri_creator=None, config_provider=None, instance_keys=None, + init_scripts_location=None): self.config = config self.user = get_authenticated_user() self.user_password = user_password @@ -117,10 +118,11 @@ class ValidatorContext(object): self.uri_creator = uri_creator self.config_provider = config_provider self.instance_keys = instance_keys + self.init_scripts_location = init_scripts_location @classmethod def from_app(cls, app, config, user_password, ip_resolver, instance_keys, client=None, - config_provider=None): + config_provider=None, init_scripts_location=None): """ Creates a ValidatorContext from an app config, with a given config to validate :param app: the Flask app to pull configuration information from 
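Review bot: The `os.system(...)` call in the endpoints/api/superuser.py hunk now sends a computed string through the shell, whereas the config_app counterpart of this handler uses `subprocess.call` with an argument list. The value is a module constant today, so nothing untrusted reaches the shell as written. The list form would still be safer if the location ever contains spaces or becomes configurable: `if subprocess.call([os.path.join(INIT_SCRIPTS_LOCATION, 'certs_install.sh')]) != 0:`. Whether `subprocess` is already imported in this module is not visible here, and the enclosing method starts and ends outside the hunk.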
@@ -128,9 +130,10 @@ class ValidatorContext(object): :param user_password: request password :param instance_keys: The instance keys handler :param ip_resolver: an App - :param client: - :param config_provider: - :return: + :param client: http client used to connect to services + :param config_provider: config provider used to access config volume(s) + :param init_scripts_location: location where initial load scripts are stored + :return: ValidatorContext """ url_scheme_and_hostname = URLSchemeAndHostname.from_app_config(app.config) @@ -146,4 +149,5 @@ class ValidatorContext(object): is_testing=app.config.get('TESTING', False), uri_creator=get_blob_download_uri_getter(app.test_request_context('/'), url_scheme_and_hostname), config_provider=config_provider, - instance_keys=instance_keys) + instance_keys=instance_keys, + init_scripts_location=init_scripts_location) diff --git a/util/config/validators/validate_ldap.py b/util/config/validators/validate_ldap.py index 331cd87d3..ec1dafe8d 100644 --- a/util/config/validators/validate_ldap.py +++ b/util/config/validators/validate_ldap.py @@ -16,13 +16,14 @@ class LDAPValidator(BaseValidator): user = validator_context.user user_password = validator_context.user_password config_provider = validator_context.config_provider + init_scripts_location = validator_context.init_scripts_location if config.get('AUTHENTICATION_TYPE', 'Database') != 'LDAP': return # If there is a custom LDAP certificate, then reinstall the certificates for the container. if config_provider.volume_file_exists(LDAP_CERT_FILENAME): - subprocess.check_call([os.path.join(config_provider.get_config_root(), '../init/certs_install.sh')]) + subprocess.check_call([os.path.join(init_scripts_location, 'certs_install.sh')]) # Note: raises ldap.INVALID_CREDENTIALS on failure admin_dn = config.get('LDAP_ADMIN_DN')
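Review bot: `init_scripts_location` can be `None` when it reaches `os.path.join` in the validate_ldap.py hunk, because `ValidatorContext.__init__` and `from_app` both default the new parameter to `None` and only the two `SuperUserConfigValidate` call sites in this patch pass it. Any other construction of the context (other callers are not visible here) would fail inside `os.path.join` with an opaque error, and only when a custom LDAP certificate file exists. A guard before the `check_call`, such as `if init_scripts_location is None: raise Exception('init_scripts_location is not configured')`, would make the failure explicit. The enclosing validate method starts above the hunk and continues past it.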