Add app var for init scripts location to access certs install
parent
01c23be9d6
commit
bd54eacbad
8 changed files with 25 additions and 15 deletions
1
app.py
1
app.py
|
@ -62,6 +62,7 @@ OVERRIDE_CONFIG_PY_FILENAME = os.path.join(CONF_DIR, 'stack/config.py')
|
||||||
OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'
|
OVERRIDE_CONFIG_KEY = 'QUAY_OVERRIDE_CONFIG'
|
||||||
|
|
||||||
DOCKER_V2_SIGNINGKEY_FILENAME = 'docker_v2.pem'
|
DOCKER_V2_SIGNINGKEY_FILENAME = 'docker_v2.pem'
|
||||||
|
INIT_SCRIPTS_LOCATION = '/conf/init/'
|
||||||
|
|
||||||
app = Flask(__name__)
|
app = Flask(__name__)
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
|
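Review bot: The new `INIT_SCRIPTS_LOCATION = '/conf/init/'` constant is undocumented and is a hard-coded absolute path that the second hunk (`@ -16,6 +16,7 @@`, the config_app module) redefines with a different value, `'/quay-registry/config_app/init/'`. A reader has no way to tell from either definition that the two must track the container image layout or which scripts live there. A one-line comment above each would help, e.g. `# Absolute directory holding the container init scripts (certs_install.sh); callers join file names onto it with os.path.join.` The hunk shows only module-level assignments, so there is no enclosing function to note.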
@ -16,6 +16,7 @@ app = Flask(__name__)
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
OVERRIDE_CONFIG_DIRECTORY = os.path.join(ROOT_DIR, 'config_app/conf/stack')
|
OVERRIDE_CONFIG_DIRECTORY = os.path.join(ROOT_DIR, 'config_app/conf/stack')
|
||||||
|
INIT_SCRIPTS_LOCATION = '/quay-registry/config_app/init/'
|
||||||
|
|
||||||
is_testing = 'TEST' in os.environ
|
is_testing = 'TEST' in os.environ
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,8 @@ from flask import abort, request
|
||||||
|
|
||||||
from config_app.config_endpoints.api.suconfig_models_pre_oci import pre_oci_model as model
|
from config_app.config_endpoints.api.suconfig_models_pre_oci import pre_oci_model as model
|
||||||
from config_app.config_endpoints.api import resource, ApiResource, nickname, validate_json_request
|
from config_app.config_endpoints.api import resource, ApiResource, nickname, validate_json_request
|
||||||
from config_app.c_app import app, config_provider, superusers, OVERRIDE_CONFIG_DIRECTORY, ip_resolver, instance_keys
|
from config_app.c_app import (app, config_provider, superusers, OVERRIDE_CONFIG_DIRECTORY,
|
||||||
|
ip_resolver, instance_keys, INIT_SCRIPTS_LOCATION)
|
||||||
|
|
||||||
from auth.auth_context import get_authenticated_user
|
from auth.auth_context import get_authenticated_user
|
||||||
from data.users import get_federated_service_name, get_users_handler
|
from data.users import get_federated_service_name, get_users_handler
|
||||||
|
@ -275,7 +276,8 @@ class SuperUserConfigValidate(ApiResource):
|
||||||
validator_context = ValidatorContext.from_app(app, config, request.get_json().get('password', ''),
|
validator_context = ValidatorContext.from_app(app, config, request.get_json().get('password', ''),
|
||||||
instance_keys=instance_keys,
|
instance_keys=instance_keys,
|
||||||
ip_resolver=ip_resolver,
|
ip_resolver=ip_resolver,
|
||||||
config_provider=config_provider)
|
config_provider=config_provider,
|
||||||
|
init_scripts_location=INIT_SCRIPTS_LOCATION)
|
||||||
|
|
||||||
return validate_service_for_config(service, validator_context)
|
return validate_service_for_config(service, validator_context)
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ from config_app.config_endpoints.exception import InvalidRequest
|
||||||
from config_app.config_endpoints.api import resource, ApiResource, nickname
|
from config_app.config_endpoints.api import resource, ApiResource, nickname
|
||||||
from config_app.config_endpoints.api.superuser_models_pre_oci import pre_oci_model
|
from config_app.config_endpoints.api.superuser_models_pre_oci import pre_oci_model
|
||||||
from config_app.config_util.ssl import load_certificate, CertInvalidException
|
from config_app.config_util.ssl import load_certificate, CertInvalidException
|
||||||
from config_app.c_app import app, config_provider
|
from config_app.c_app import config_provider, INIT_SCRIPTS_LOCATION
|
||||||
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
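Review bot: The rewritten import `from config_app.c_app import config_provider, INIT_SCRIPTS_LOCATION` drops `app` from the import list, and nothing in this commit shows whether the rest of the module still references `app`; if it does, the module now fails with a NameError at first use. The later hunk in the same file (`@ -51,7 +51,7 @@ class SuperUserCustomCertificate`) does not use `app`, but that is one method. Please confirm there are no remaining references before dropping the name, or keep it as `from config_app.c_app import app, config_provider, INIT_SCRIPTS_LOCATION`.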
@ -51,7 +51,7 @@ class SuperUserCustomCertificate(ApiResource):
|
||||||
|
|
||||||
# TODO(QUAY-991): properly install the custom certs provided by user
|
# TODO(QUAY-991): properly install the custom certs provided by user
|
||||||
# Call the update script with config dir location to install the certificate immediately.
|
# Call the update script with config dir location to install the certificate immediately.
|
||||||
if subprocess.call(['/quay-registry/config_app/init/certs_install.sh'],
|
if subprocess.call([os.path.join(INIT_SCRIPTS_LOCATION, 'certs_install.sh')],
|
||||||
env={ 'QUAYCONF': config_provider.get_config_dir_path() }) != 0:
|
env={ 'QUAYCONF': config_provider.get_config_dir_path() }) != 0:
|
||||||
raise Exception('Could not install certificates')
|
raise Exception('Could not install certificates')
|
||||||
|
|
||||||
|
|
|
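Review bot: The rewritten call `subprocess.call([os.path.join(INIT_SCRIPTS_LOCATION, 'certs_install.sh')], env={...})` now depends on `os`, and the import hunk for this file (`@ -11,7 +11,7 @@`) starts at line 11 so it cannot be seen here whether `os` is imported; please confirm, since a missing import would only surface when a certificate is uploaded. Separately, the `env=` argument on the next line passes only `QUAYCONF`, which replaces the child's entire environment rather than extending it, so the script presumably runs without `PATH` and the other variables the parent has — if that is unintended, build the dict from `os.environ` first, e.g. `env=dict(os.environ, QUAYCONF=config_provider.get_config_dir_path())`. The method body continues outside the hunk.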
@ -8,7 +8,7 @@ import subprocess
|
||||||
from flask import abort
|
from flask import abort
|
||||||
|
|
||||||
from app import (app, config_provider, superusers, OVERRIDE_CONFIG_DIRECTORY, ip_resolver,
|
from app import (app, config_provider, superusers, OVERRIDE_CONFIG_DIRECTORY, ip_resolver,
|
||||||
instance_keys)
|
instance_keys, INIT_SCRIPTS_LOCATION)
|
||||||
from auth.permissions import SuperUserPermission
|
from auth.permissions import SuperUserPermission
|
||||||
from auth.auth_context import get_authenticated_user
|
from auth.auth_context import get_authenticated_user
|
||||||
from data.database import configure
|
from data.database import configure
|
||||||
|
@ -410,7 +410,8 @@ class SuperUserConfigValidate(ApiResource):
|
||||||
request.get_json().get('password', ''),
|
request.get_json().get('password', ''),
|
||||||
instance_keys=instance_keys,
|
instance_keys=instance_keys,
|
||||||
ip_resolver=ip_resolver,
|
ip_resolver=ip_resolver,
|
||||||
config_provider=config_provider)
|
config_provider=config_provider,
|
||||||
|
init_scripts_location=INIT_SCRIPTS_LOCATION)
|
||||||
|
|
||||||
return validate_service_for_config(service, validator_context)
|
return validate_service_for_config(service, validator_context)
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ from flask import request, make_response, jsonify
|
||||||
|
|
||||||
import features
|
import features
|
||||||
|
|
||||||
from app import app, avatar, superusers, authentication, config_provider
|
from app import app, avatar, superusers, authentication, config_provider, INIT_SCRIPTS_LOCATION
|
||||||
from auth import scopes
|
from auth import scopes
|
||||||
from auth.auth_context import get_authenticated_user
|
from auth.auth_context import get_authenticated_user
|
||||||
from auth.permissions import SuperUserPermission
|
from auth.permissions import SuperUserPermission
|
||||||
|
@ -950,7 +950,7 @@ class SuperUserCustomCertificate(ApiResource):
|
||||||
# Call the update script to install the certificate immediately.
|
# Call the update script to install the certificate immediately.
|
||||||
if not app.config['TESTING']:
|
if not app.config['TESTING']:
|
||||||
logger.debug('Calling certs_install.sh')
|
logger.debug('Calling certs_install.sh')
|
||||||
if os.system('/conf/init/certs_install.sh') != 0:
|
if os.system(os.path.join(INIT_SCRIPTS_LOCATION, 'certs_install.sh')) != 0:
|
||||||
raise Exception('Could not install certificates')
|
raise Exception('Could not install certificates')
|
||||||
|
|
||||||
logger.debug('certs_install.sh completed')
|
logger.debug('certs_install.sh completed')
|
||||||
|
|
|
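Review bot: The new line `os.system(os.path.join(INIT_SCRIPTS_LOCATION, 'certs_install.sh'))` still runs the script through a shell, whereas the equivalent code paths touched by this commit (`subprocess.call` in the config_app `SuperUserCustomCertificate` and `subprocess.check_call` in `LDAPValidator`) pass an argument list with no shell. Using the same form here avoids shell interpretation of the path and keeps the three call sites consistent: `if subprocess.call([os.path.join(INIT_SCRIPTS_LOCATION, 'certs_install.sh')]) != 0:`. The import hunk for this file (`@ -13,7 +13,7 @@`) starts at line 13, so whether `subprocess` is already imported cannot be seen here. The method body continues outside the hunk.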
@ -102,7 +102,8 @@ class ValidatorContext(object):
|
||||||
def __init__(self, config, user_password=None, http_client=None, context=None,
|
def __init__(self, config, user_password=None, http_client=None, context=None,
|
||||||
url_scheme_and_hostname=None, jwt_auth_max=None, registry_title=None,
|
url_scheme_and_hostname=None, jwt_auth_max=None, registry_title=None,
|
||||||
ip_resolver=None, feature_sec_scanner=False, is_testing=False,
|
ip_resolver=None, feature_sec_scanner=False, is_testing=False,
|
||||||
uri_creator=None, config_provider=None, instance_keys=None):
|
uri_creator=None, config_provider=None, instance_keys=None,
|
||||||
|
init_scripts_location=None):
|
||||||
self.config = config
|
self.config = config
|
||||||
self.user = get_authenticated_user()
|
self.user = get_authenticated_user()
|
||||||
self.user_password = user_password
|
self.user_password = user_password
|
||||||
|
@ -117,10 +118,11 @@ class ValidatorContext(object):
|
||||||
self.uri_creator = uri_creator
|
self.uri_creator = uri_creator
|
||||||
self.config_provider = config_provider
|
self.config_provider = config_provider
|
||||||
self.instance_keys = instance_keys
|
self.instance_keys = instance_keys
|
||||||
|
self.init_scripts_location = init_scripts_location
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def from_app(cls, app, config, user_password, ip_resolver, instance_keys, client=None,
|
def from_app(cls, app, config, user_password, ip_resolver, instance_keys, client=None,
|
||||||
config_provider=None):
|
config_provider=None, init_scripts_location=None):
|
||||||
"""
|
"""
|
||||||
Creates a ValidatorContext from an app config, with a given config to validate
|
Creates a ValidatorContext from an app config, with a given config to validate
|
||||||
:param app: the Flask app to pull configuration information from
|
:param app: the Flask app to pull configuration information from
|
||||||
|
@ -128,9 +130,10 @@ class ValidatorContext(object):
|
||||||
:param user_password: request password
|
:param user_password: request password
|
||||||
:param instance_keys: The instance keys handler
|
:param instance_keys: The instance keys handler
|
||||||
:param ip_resolver: an App
|
:param ip_resolver: an App
|
||||||
:param client:
|
:param client: http client used to connect to services
|
||||||
:param config_provider:
|
:param config_provider: config provider used to access config volume(s)
|
||||||
:return:
|
:param init_scripts_location: location where initial load scripts are stored
|
||||||
|
:return: ValidatorContext
|
||||||
"""
|
"""
|
||||||
url_scheme_and_hostname = URLSchemeAndHostname.from_app_config(app.config)
|
url_scheme_and_hostname = URLSchemeAndHostname.from_app_config(app.config)
|
||||||
|
|
||||||
|
@ -146,4 +149,5 @@ class ValidatorContext(object):
|
||||||
is_testing=app.config.get('TESTING', False),
|
is_testing=app.config.get('TESTING', False),
|
||||||
uri_creator=get_blob_download_uri_getter(app.test_request_context('/'), url_scheme_and_hostname),
|
uri_creator=get_blob_download_uri_getter(app.test_request_context('/'), url_scheme_and_hostname),
|
||||||
config_provider=config_provider,
|
config_provider=config_provider,
|
||||||
instance_keys=instance_keys)
|
instance_keys=instance_keys,
|
||||||
|
init_scripts_location=init_scripts_location)
|
||||||
|
|
|
@ -16,13 +16,14 @@ class LDAPValidator(BaseValidator):
|
||||||
user = validator_context.user
|
user = validator_context.user
|
||||||
user_password = validator_context.user_password
|
user_password = validator_context.user_password
|
||||||
config_provider = validator_context.config_provider
|
config_provider = validator_context.config_provider
|
||||||
|
init_scripts_location = validator_context.init_scripts_location
|
||||||
|
|
||||||
if config.get('AUTHENTICATION_TYPE', 'Database') != 'LDAP':
|
if config.get('AUTHENTICATION_TYPE', 'Database') != 'LDAP':
|
||||||
return
|
return
|
||||||
|
|
||||||
# If there is a custom LDAP certificate, then reinstall the certificates for the container.
|
# If there is a custom LDAP certificate, then reinstall the certificates for the container.
|
||||||
if config_provider.volume_file_exists(LDAP_CERT_FILENAME):
|
if config_provider.volume_file_exists(LDAP_CERT_FILENAME):
|
||||||
subprocess.check_call([os.path.join(config_provider.get_config_root(), '../init/certs_install.sh')])
|
subprocess.check_call([os.path.join(init_scripts_location, 'certs_install.sh')])
|
||||||
|
|
||||||
# Note: raises ldap.INVALID_CREDENTIALS on failure
|
# Note: raises ldap.INVALID_CREDENTIALS on failure
|
||||||
admin_dn = config.get('LDAP_ADMIN_DN')
|
admin_dn = config.get('LDAP_ADMIN_DN')
|
||||||
|
|
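Review bot: `init_scripts_location = validator_context.init_scripts_location` can be `None`, because the new `ValidatorContext.__init__` and `from_app` keyword defaults to `None` (`@ -102,7 +102,8 @@` and `@ -117,10 +118,11 @@`), and the new call `os.path.join(init_scripts_location, 'certs_install.sh')` then raises a TypeError whose message says nothing about the missing setting. Any caller that builds a context without the keyword (the commit updates two, others may exist) would hit this only when an LDAP certificate is present. A guard before the join makes the failure explicit: `if init_scripts_location is None:` / `  raise ValueError('init_scripts_location is required to install the LDAP certificate')`. The enclosing validate method starts outside the hunk.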