Add Kubernetes configuration provider which writes config to a secret
Fixes #145
This commit is contained in:
parent
88a04441de
commit
fd3a21fba9
10 changed files with 179 additions and 44 deletions
|
@ -62,7 +62,7 @@ class SuperUserRegistryStatus(ApiResource):
|
|||
}
|
||||
|
||||
# If there is no config file, we need to setup the database.
|
||||
if not config_provider.yaml_exists():
|
||||
if not config_provider.config_exists():
|
||||
return {
|
||||
'status': 'config-db'
|
||||
}
|
||||
|
@ -107,10 +107,10 @@ class SuperUserSetupDatabase(ApiResource):
|
|||
""" Invokes the alembic upgrade process. """
|
||||
# Note: This method is called after the database configured is saved, but before the
|
||||
# database has any tables. Therefore, we only allow it to be run in that unique case.
|
||||
if config_provider.yaml_exists() and not database_is_valid():
|
||||
if config_provider.config_exists() and not database_is_valid():
|
||||
# Note: We need to reconfigure the database here as the config has changed.
|
||||
combined = dict(**app.config)
|
||||
combined.update(config_provider.get_yaml())
|
||||
combined.update(config_provider.get_config())
|
||||
|
||||
configure(combined)
|
||||
app.config['DB_URI'] = combined['DB_URI']
|
||||
|
@ -185,7 +185,7 @@ class SuperUserConfig(ApiResource):
|
|||
def get(self):
|
||||
""" Returns the currently defined configuration, if any. """
|
||||
if SuperUserPermission().can():
|
||||
config_object = config_provider.get_yaml()
|
||||
config_object = config_provider.get_config()
|
||||
return {
|
||||
'config': config_object
|
||||
}
|
||||
|
@ -196,18 +196,18 @@ class SuperUserConfig(ApiResource):
|
|||
@verify_not_prod
|
||||
@validate_json_request('UpdateConfig')
|
||||
def put(self):
|
||||
""" Updates the config.yaml file. """
|
||||
""" Updates the config override file. """
|
||||
# Note: This method is called to set the database configuration before super users exists,
|
||||
# so we also allow it to be called if there is no valid registry configuration setup.
|
||||
if not config_provider.yaml_exists() or SuperUserPermission().can():
|
||||
if not config_provider.config_exists() or SuperUserPermission().can():
|
||||
config_object = request.get_json()['config']
|
||||
hostname = request.get_json()['hostname']
|
||||
|
||||
# Add any enterprise defaults missing from the config.
|
||||
add_enterprise_config_defaults(config_object, app.config['SECRET_KEY'], hostname)
|
||||
|
||||
# Write the configuration changes to the YAML file.
|
||||
config_provider.save_yaml(config_object)
|
||||
# Write the configuration changes to the config override file.
|
||||
config_provider.save_config(config_object)
|
||||
|
||||
# If the authentication system is not the database, link the superuser account to the
|
||||
# the authentication system chosen.
|
||||
|
@ -252,7 +252,7 @@ class SuperUserConfigFile(ApiResource):
|
|||
|
||||
# Note: This method can be called before the configuration exists
|
||||
# to upload the database SSL cert.
|
||||
if not config_provider.yaml_exists() or SuperUserPermission().can():
|
||||
if not config_provider.config_exists() or SuperUserPermission().can():
|
||||
uploaded_file = request.files['file']
|
||||
if not uploaded_file:
|
||||
abort(400)
|
||||
|
@ -309,7 +309,7 @@ class SuperUserCreateInitialSuperUser(ApiResource):
|
|||
#
|
||||
# We do this special security check because at the point this method is called, the database
|
||||
# is clean but does not (yet) have any super users for our permissions code to check against.
|
||||
if config_provider.yaml_exists() and not database_has_users():
|
||||
if config_provider.config_exists() and not database_has_users():
|
||||
data = request.get_json()
|
||||
username = data['username']
|
||||
password = data['password']
|
||||
|
@ -319,9 +319,9 @@ class SuperUserCreateInitialSuperUser(ApiResource):
|
|||
superuser = model.user.create_user(username, password, email, auto_verify=True)
|
||||
|
||||
# Add the user to the config.
|
||||
config_object = config_provider.get_yaml()
|
||||
config_object = config_provider.get_config()
|
||||
config_object['SUPER_USERS'] = [username]
|
||||
config_provider.save_yaml(config_object)
|
||||
config_provider.save_config(config_object)
|
||||
|
||||
# Update the in-memory config for the new superuser.
|
||||
superusers.register_superuser(username)
|
||||
|
@ -369,7 +369,7 @@ class SuperUserConfigValidate(ApiResource):
|
|||
# Note: This method is called to validate the database configuration before super users exists,
|
||||
# so we also allow it to be called if there is no valid registry configuration setup. Note that
|
||||
# this is also safe since this method does not access any information not given in the request.
|
||||
if not config_provider.yaml_exists() or SuperUserPermission().can():
|
||||
if not config_provider.config_exists() or SuperUserPermission().can():
|
||||
config = request.get_json()['config']
|
||||
return validate_service_for_config(service, config, request.get_json().get('password', ''))
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ from health.healthcheck import get_healthchecker
|
|||
|
||||
from data import model
|
||||
from data.database import db
|
||||
from app import app, billing as stripe, build_logs, avatar, signer, log_archive
|
||||
from app import app, billing as stripe, build_logs, avatar, signer, log_archive, config_provider
|
||||
from auth.auth import require_session_login, process_oauth
|
||||
from auth.permissions import (AdministerOrganizationPermission, ReadRepositoryPermission,
|
||||
SuperUserPermission, AdministerRepositoryPermission,
|
||||
|
@ -209,7 +209,7 @@ def v1():
|
|||
@web.route('/health/instance', methods=['GET'])
|
||||
@no_cache
|
||||
def instance_health():
|
||||
checker = get_healthchecker(app)
|
||||
checker = get_healthchecker(app, config_provider)
|
||||
(data, status_code) = checker.check_instance()
|
||||
response = jsonify(dict(data=data, status_code=status_code))
|
||||
response.status_code = status_code
|
||||
|
@ -221,7 +221,7 @@ def instance_health():
|
|||
@web.route('/health/endtoend', methods=['GET'])
|
||||
@no_cache
|
||||
def endtoend_health():
|
||||
checker = get_healthchecker(app)
|
||||
checker = get_healthchecker(app, config_provider)
|
||||
(data, status_code) = checker.check_endtoend()
|
||||
response = jsonify(dict(data=data, status_code=status_code))
|
||||
response.status_code = status_code
|
||||
|
|
Reference in a new issue