Add error message to app if secret missing in quay

2018-08-20 15:12:18 -04:00 · 2018-08-20 15:12:18 -04:00 · d44aa8f566
commit d44aa8f566
parent 6afc00bf77
5 changed files with 16 additions and 16 deletions
--- a/endpoints/api/test/test_security.py
+++ b/endpoints/api/test/test_security.py
@ -1267,11 +1267,6 @@ SECURITY_TESTS = [
  (SuperUserList, 'POST', None, {'username': 'foo'}, 'freshuser', 403),
  (SuperUserList, 'POST', None, {'username': 'foo'}, 'reader', 403),

-  (SuperUserCustomCertificates, 'GET', None, None, None, 401),
-  (SuperUserCustomCertificates, 'GET', None, None, 'devtable', 200),
-  (SuperUserCustomCertificates, 'GET', None, None, 'freshuser', 403),
-  (SuperUserCustomCertificates, 'GET', None, None, 'reader', 403),
-
  (SuperUserSystemLogServices, 'GET', None, None, None, 401),
  (SuperUserSystemLogServices, 'GET', None, None, 'devtable', 200),
  (SuperUserSystemLogServices, 'GET', None, None, 'freshuser', 403),
@ -1282,15 +1277,6 @@ SECURITY_TESTS = [
  (SuperUserGetLogsForService, 'GET', {'service': 'foo'}, None, 'freshuser', 403),
  (SuperUserGetLogsForService, 'GET', {'service': 'foo'}, None, 'reader', 403),

-  (SuperUserCustomCertificate, 'DELETE', {'certpath': 'somecert.crt'}, None, None, 401),
-  (SuperUserCustomCertificate, 'DELETE', {'certpath': 'somecert.crt'}, None, 'devtable', 204),
-  (SuperUserCustomCertificate, 'DELETE', {'certpath': 'somecert.crt'}, None, 'freshuser', 403),
-  (SuperUserCustomCertificate, 'DELETE', {'certpath': 'somecert.crt'}, None, 'reader', 403),
-  (SuperUserCustomCertificate, 'POST', {'certpath': 'somecert.crt'}, None, None, 401),
-  (SuperUserCustomCertificate, 'POST', {'certpath': 'somecert.crt'}, None, 'devtable', 400),
-  (SuperUserCustomCertificate, 'POST', {'certpath': 'somecert.crt'}, None, 'freshuser', 403),
-  (SuperUserCustomCertificate, 'POST', {'certpath': 'somecert.crt'}, None, 'reader', 403),
-
  (SuperUserManagement, 'DELETE', {'username': 'freshuser'}, None, None, 401),
  (SuperUserManagement, 'DELETE', {'username': 'freshuser'}, None, 'devtable', 204),
  (SuperUserManagement, 'DELETE', {'username': 'freshuser'}, None, 'freshuser', 403),
--- a/endpoints/common.py
+++ b/endpoints/common.py
@ -9,7 +9,7 @@ from flask_principal import identity_changed
 import endpoints.decorated  # Register the various exceptions via decorators.
 import features

-from app import app, oauth_apps, oauth_login, LoginWrappedDBUser, user_analytics
+from app import app, oauth_apps, oauth_login, LoginWrappedDBUser, user_analytics, IS_KUBERNETES
 from auth import scopes
 from auth.permissions import QuayDeferredPermissionUser
 from config import frontend_visible_config
@ -143,6 +143,7 @@ def render_page_template(name, route_data=None, **kwargs):
                             preferred_scheme=app.config['PREFERRED_URL_SCHEME'],
                             version_number=version_number,
                             current_year=datetime.datetime.now().year,
+                             is_kubernetes=IS_KUBERNETES,
                             **kwargs)

  resp = make_response(contents)
--- a/static/js/pages/incomplete-setup.js
+++ b/static/js/pages/incomplete-setup.js
@ -48,6 +48,7 @@


    $scope.showMissingConfigDialog = function() {
+      var title = "Missing configuration volume";
      var message = "It looks like Quay was not mounted with a configuration volume. The volume should be " +
                    "mounted into the container at <code>/conf/stack</code>. " +
                    "<br>If you have a tarball, please ensure you untar it into a directory and re-run this container with: " +
@ -58,7 +59,14 @@
                    "<a href='https://coreos.com/docs/enterprise-registry/initial-setup/'>" +
                    "Read the Setup Guide</a>";

-      var title = "Missing configuration volume";
+      if (window.__is_kubernetes) {
+        title = "Configuration Secret Missing";
+        message = "It looks like the Quay Enterprise secret is not present in this Kubernetes namespace." +
+                  "<br>Please double-check that the secret exists, or " +
+                  "<a href='https://coreos.com/docs/enterprise-registry/initial-setup/'>" +
+                  "refer to the Setup Guide</a>";
+      }
+
      CoreDialog.fatal(title, message);
    };

--- a/templates/base.html
+++ b/templates/base.html
@ -35,6 +35,7 @@
      window.__auth_scopes = {{ scope_set|tojson|safe }};
      window.__vuln_priority = {{ vuln_priority_set|tojson|safe }}
      window.__token = '{{ csrf_token() }}';
+      window.__is_kubernetes = {{ is_kubernetes|tojson|safe }};

      {% if error_code %}
      window.__error_code = {{ error_code }};
--- a/util/config/provider/k8sprovider.py
+++ b/util/config/provider/k8sprovider.py
@ -50,6 +50,10 @@ class KubernetesConfigProvider(BaseFileProvider):
    # in Kubernetes secrets.
    return "_".join([directory.rstrip('/'), filename])

+  def volume_exists(self):
+    secret = self._lookup_secret()
+    return secret is not None
+
  def volume_file_exists(self, relative_file_path):
    if '/' in relative_file_path:
      raise Exception('Expected path from get_volume_path, but found slashes')