Add Kubernetes configuration provider which writes config to a secret

Fixes #145

endpoints/api/suconfig.py

@@ -62,7 +62,7 @@ class SuperUserRegistryStatus(ApiResource):
       }
 
     # If there is no config file, we need to setup the database.
-    if not config_provider.yaml_exists():
+    if not config_provider.config_exists():
       return {
         'status': 'config-db'
       }
@@ -107,10 +107,10 @@ class SuperUserSetupDatabase(ApiResource):
     """ Invokes the alembic upgrade process. """
     # Note: This method is called after the database configured is saved, but before the
     # database has any tables. Therefore, we only allow it to be run in that unique case.
-    if config_provider.yaml_exists() and not database_is_valid():
+    if config_provider.config_exists() and not database_is_valid():
       # Note: We need to reconfigure the database here as the config has changed.
       combined = dict(**app.config)
-      combined.update(config_provider.get_yaml())
+      combined.update(config_provider.get_config())
 
       configure(combined)
       app.config['DB_URI'] = combined['DB_URI']
@@ -185,7 +185,7 @@ class SuperUserConfig(ApiResource):
   def get(self):
     """ Returns the currently defined configuration, if any. """
     if SuperUserPermission().can():
-      config_object = config_provider.get_yaml()
+      config_object = config_provider.get_config()
       return {
         'config': config_object
       }
@@ -196,18 +196,18 @@ class SuperUserConfig(ApiResource):
   @verify_not_prod
   @validate_json_request('UpdateConfig')
   def put(self):
-    """ Updates the config.yaml file. """
+    """ Updates the config override file. """
     # Note: This method is called to set the database configuration before super users exists,
     # so we also allow it to be called if there is no valid registry configuration setup.
-    if not config_provider.yaml_exists() or SuperUserPermission().can():
+    if not config_provider.config_exists() or SuperUserPermission().can():
       config_object = request.get_json()['config']
       hostname = request.get_json()['hostname']
 
       # Add any enterprise defaults missing from the config.
       add_enterprise_config_defaults(config_object, app.config['SECRET_KEY'], hostname)
 
-      # Write the configuration changes to the YAML file.
-      config_provider.save_yaml(config_object)
+      # Write the configuration changes to the config override file.
+      config_provider.save_config(config_object)
 
       # If the authentication system is not the database, link the superuser account to the
       # the authentication system chosen.
@@ -252,7 +252,7 @@ class SuperUserConfigFile(ApiResource):
 
     # Note: This method can be called before the configuration exists
     # to upload the database SSL cert.
-    if not config_provider.yaml_exists() or SuperUserPermission().can():
+    if not config_provider.config_exists() or SuperUserPermission().can():
       uploaded_file = request.files['file']
       if not uploaded_file:
         abort(400)
@@ -309,7 +309,7 @@ class SuperUserCreateInitialSuperUser(ApiResource):
     #
     # We do this special security check because at the point this method is called, the database
     # is clean but does not (yet) have any super users for our permissions code to check against.
-    if config_provider.yaml_exists() and not database_has_users():
+    if config_provider.config_exists() and not database_has_users():
       data = request.get_json()
       username = data['username']
       password = data['password']
@@ -319,9 +319,9 @@ class SuperUserCreateInitialSuperUser(ApiResource):
       superuser = model.user.create_user(username, password, email, auto_verify=True)
 
       # Add the user to the config.
-      config_object = config_provider.get_yaml()
+      config_object = config_provider.get_config()
       config_object['SUPER_USERS'] = [username]
-      config_provider.save_yaml(config_object)
+      config_provider.save_config(config_object)
 
       # Update the in-memory config for the new superuser.
       superusers.register_superuser(username)
@@ -369,7 +369,7 @@ class SuperUserConfigValidate(ApiResource):
     # Note: This method is called to validate the database configuration before super users exists,
     # so we also allow it to be called if there is no valid registry configuration setup. Note that
     # this is also safe since this method does not access any information not given in the request.
-    if not config_provider.yaml_exists() or SuperUserPermission().can():
+    if not config_provider.config_exists() or SuperUserPermission().can():
       config = request.get_json()['config']
       return validate_service_for_config(service, config, request.get_json().get('password', ''))
 

endpoints/web.py

@@ -9,7 +9,7 @@ from health.healthcheck import get_healthchecker
 
 from data import model
 from data.database import db
-from app import app, billing as stripe, build_logs, avatar, signer, log_archive
+from app import app, billing as stripe, build_logs, avatar, signer, log_archive, config_provider
 from auth.auth import require_session_login, process_oauth
 from auth.permissions import (AdministerOrganizationPermission, ReadRepositoryPermission,
                               SuperUserPermission, AdministerRepositoryPermission,
@@ -209,7 +209,7 @@ def v1():
 @web.route('/health/instance', methods=['GET'])
 @no_cache
 def instance_health():
-  checker = get_healthchecker(app)
+  checker = get_healthchecker(app, config_provider)
   (data, status_code) = checker.check_instance()
   response = jsonify(dict(data=data, status_code=status_code))
   response.status_code = status_code
@@ -221,7 +221,7 @@ def instance_health():
 @web.route('/health/endtoend', methods=['GET'])
 @no_cache
 def endtoend_health():
-  checker = get_healthchecker(app)
+  checker = get_healthchecker(app, config_provider)
   (data, status_code) = checker.check_endtoend()
   response = jsonify(dict(data=data, status_code=status_code))
   response.status_code = status_code