From d44aa8f5665b89b87129c58cb80e13c8cc12cf9e Mon Sep 17 00:00:00 2001 From: Sam Chow Date: Mon, 20 Aug 2018 15:12:18 -0400 Subject: [PATCH] Add error message to app if secret missing in quay --- endpoints/api/test/test_security.py | 14 -------------- endpoints/common.py | 3 ++- static/js/pages/incomplete-setup.js | 10 +++++++++- templates/base.html | 1 + util/config/provider/k8sprovider.py | 4 ++++ 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/endpoints/api/test/test_security.py b/endpoints/api/test/test_security.py index 908395a0c..9cf3ee1a9 100644 --- a/endpoints/api/test/test_security.py +++ b/endpoints/api/test/test_security.py @@ -1267,11 +1267,6 @@ SECURITY_TESTS = [ (SuperUserList, 'POST', None, {'username': 'foo'}, 'freshuser', 403), (SuperUserList, 'POST', None, {'username': 'foo'}, 'reader', 403), - (SuperUserCustomCertificates, 'GET', None, None, None, 401), - (SuperUserCustomCertificates, 'GET', None, None, 'devtable', 200), - (SuperUserCustomCertificates, 'GET', None, None, 'freshuser', 403), - (SuperUserCustomCertificates, 'GET', None, None, 'reader', 403), - (SuperUserSystemLogServices, 'GET', None, None, None, 401), (SuperUserSystemLogServices, 'GET', None, None, 'devtable', 200), (SuperUserSystemLogServices, 'GET', None, None, 'freshuser', 403), @@ -1282,15 +1277,6 @@ SECURITY_TESTS = [ (SuperUserGetLogsForService, 'GET', {'service': 'foo'}, None, 'freshuser', 403), (SuperUserGetLogsForService, 'GET', {'service': 'foo'}, None, 'reader', 403), - (SuperUserCustomCertificate, 'DELETE', {'certpath': 'somecert.crt'}, None, None, 401), - (SuperUserCustomCertificate, 'DELETE', {'certpath': 'somecert.crt'}, None, 'devtable', 204), - (SuperUserCustomCertificate, 'DELETE', {'certpath': 'somecert.crt'}, None, 'freshuser', 403), - (SuperUserCustomCertificate, 'DELETE', {'certpath': 'somecert.crt'}, None, 'reader', 403), - (SuperUserCustomCertificate, 'POST', {'certpath': 'somecert.crt'}, None, None, 401), - (SuperUserCustomCertificate, 'POST', {'certpath': 'somecert.crt'}, None, 'devtable', 400), - (SuperUserCustomCertificate, 'POST', {'certpath': 'somecert.crt'}, None, 'freshuser', 403), - (SuperUserCustomCertificate, 'POST', {'certpath': 'somecert.crt'}, None, 'reader', 403), - (SuperUserManagement, 'DELETE', {'username': 'freshuser'}, None, None, 401), (SuperUserManagement, 'DELETE', {'username': 'freshuser'}, None, 'devtable', 204), (SuperUserManagement, 'DELETE', {'username': 'freshuser'}, None, 'freshuser', 403), diff --git a/endpoints/common.py b/endpoints/common.py index 38febd4ee..410c64c06 100644 --- a/endpoints/common.py +++ b/endpoints/common.py @@ -9,7 +9,7 @@ from flask_principal import identity_changed import endpoints.decorated # Register the various exceptions via decorators. import features -from app import app, oauth_apps, oauth_login, LoginWrappedDBUser, user_analytics +from app import app, oauth_apps, oauth_login, LoginWrappedDBUser, user_analytics, IS_KUBERNETES from auth import scopes from auth.permissions import QuayDeferredPermissionUser from config import frontend_visible_config @@ -143,6 +143,7 @@ def render_page_template(name, route_data=None, **kwargs): preferred_scheme=app.config['PREFERRED_URL_SCHEME'], version_number=version_number, current_year=datetime.datetime.now().year, + is_kubernetes=IS_KUBERNETES, **kwargs) resp = make_response(contents) diff --git a/static/js/pages/incomplete-setup.js b/static/js/pages/incomplete-setup.js index bf1bc1677..c2938e768 100644 --- a/static/js/pages/incomplete-setup.js +++ b/static/js/pages/incomplete-setup.js @@ -48,6 +48,7 @@ $scope.showMissingConfigDialog = function() { + var title = "Missing configuration volume"; var message = "It looks like Quay was not mounted with a configuration volume. The volume should be " + "mounted into the container at /conf/stack. " + "
If you have a tarball, please ensure you untar it into a directory and re-run this container with: " + @@ -58,7 +59,14 @@ "" + "Read the Setup Guide"; - var title = "Missing configuration volume"; + if (window.__is_kubernetes) { + title = "Configuration Secret Missing"; + message = "It looks like the Quay Enterprise secret is not present in this Kubernetes namespace." + + "
Please double-check that the secret exists, or " + + "" + + "refer to the Setup Guide"; + } + CoreDialog.fatal(title, message); }; diff --git a/templates/base.html b/templates/base.html index 8e7c28c4a..3968aa3f7 100644 --- a/templates/base.html +++ b/templates/base.html @@ -35,6 +35,7 @@ window.__auth_scopes = {{ scope_set|tojson|safe }}; window.__vuln_priority = {{ vuln_priority_set|tojson|safe }} window.__token = '{{ csrf_token() }}'; + window.__is_kubernetes = {{ is_kubernetes|tojson|safe }}; {% if error_code %} window.__error_code = {{ error_code }}; diff --git a/util/config/provider/k8sprovider.py b/util/config/provider/k8sprovider.py index 835a85b4d..f0cef9c23 100644 --- a/util/config/provider/k8sprovider.py +++ b/util/config/provider/k8sprovider.py @@ -50,6 +50,10 @@ class KubernetesConfigProvider(BaseFileProvider): # in Kubernetes secrets. return "_".join([directory.rstrip('/'), filename]) + def volume_exists(self): + secret = self._lookup_secret() + return secret is not None + def volume_file_exists(self, relative_file_path): if '/' in relative_file_path: raise Exception('Expected path from get_volume_path, but found slashes')