Add Kubernetes configuration provider which writes config to a secret
Fixes #145
This commit is contained in:
Joseph Schorr
parent
88a04441de
commit
fd3a21fba9
10 changed files with 179 additions and 44 deletions
|
|
@ -62,7 +62,7 @@ class SuperUserRegistryStatus(ApiResource):
|
|||
}
|
||||
|
||||
# If there is no config file, we need to setup the database.
|
||||
if not config_provider.yaml_exists():
|
||||
if not config_provider.config_exists():
|
||||
return {
|
||||
'status': 'config-db'
|
||||
}
|
||||
|
|
@ -107,10 +107,10 @@ class SuperUserSetupDatabase(ApiResource):
|
|||
""" Invokes the alembic upgrade process. """
|
||||
# Note: This method is called after the database configured is saved, but before the
|
||||
# database has any tables. Therefore, we only allow it to be run in that unique case.
|
||||
if config_provider.yaml_exists() and not database_is_valid():
|
||||
if config_provider.config_exists() and not database_is_valid():
|
||||
# Note: We need to reconfigure the database here as the config has changed.
|
||||
combined = dict(**app.config)
|
||||
combined.update(config_provider.get_yaml())
|
||||
combined.update(config_provider.get_config())
|
||||
|
||||
configure(combined)
|
||||
app.config['DB_URI'] = combined['DB_URI']
|
||||
|
|
@ -185,7 +185,7 @@ class SuperUserConfig(ApiResource):
|
|||
def get(self):
|
||||
""" Returns the currently defined configuration, if any. """
|
||||
if SuperUserPermission().can():
|
||||
config_object = config_provider.get_yaml()
|
||||
config_object = config_provider.get_config()
|
||||
return {
|
||||
'config': config_object
|
||||
}
|
||||
|
|
@ -196,18 +196,18 @@ class SuperUserConfig(ApiResource):
|
|||
@verify_not_prod
|
||||
@validate_json_request('UpdateConfig')
|
||||
def put(self):
|
||||
""" Updates the config.yaml file. """
|
||||
""" Updates the config override file. """
|
||||
# Note: This method is called to set the database configuration before super users exists,
|
||||
# so we also allow it to be called if there is no valid registry configuration setup.
|
||||
if not config_provider.yaml_exists() or SuperUserPermission().can():
|
||||
if not config_provider.config_exists() or SuperUserPermission().can():
|
||||
config_object = request.get_json()['config']
|
||||
hostname = request.get_json()['hostname']
|
||||
|
||||
# Add any enterprise defaults missing from the config.
|
||||
add_enterprise_config_defaults(config_object, app.config['SECRET_KEY'], hostname)
|
||||
|
||||
# Write the configuration changes to the YAML file.
|
||||
config_provider.save_yaml(config_object)
|
||||
# Write the configuration changes to the config override file.
|
||||
config_provider.save_config(config_object)
|
||||
|
||||
# If the authentication system is not the database, link the superuser account to the
|
||||
# the authentication system chosen.
|
||||
|
|
@ -252,7 +252,7 @@ class SuperUserConfigFile(ApiResource):
|
|||
|
||||
# Note: This method can be called before the configuration exists
|
||||
# to upload the database SSL cert.
|
||||
if not config_provider.yaml_exists() or SuperUserPermission().can():
|
||||
if not config_provider.config_exists() or SuperUserPermission().can():
|
||||
uploaded_file = request.files['file']
|
||||
if not uploaded_file:
|
||||
abort(400)
|
||||
|
|
@ -309,7 +309,7 @@ class SuperUserCreateInitialSuperUser(ApiResource):
|
|||
#
|
||||
# We do this special security check because at the point this method is called, the database
|
||||
# is clean but does not (yet) have any super users for our permissions code to check against.
|
||||
if config_provider.yaml_exists() and not database_has_users():
|
||||
if config_provider.config_exists() and not database_has_users():
|
||||
data = request.get_json()
|
||||
username = data['username']
|
||||
password = data['password']
|
||||
|
|
@ -319,9 +319,9 @@ class SuperUserCreateInitialSuperUser(ApiResource):
|
|||
superuser = model.user.create_user(username, password, email, auto_verify=True)
|
||||
|
||||
# Add the user to the config.
|
||||
config_object = config_provider.get_yaml()
|
||||
config_object = config_provider.get_config()
|
||||
config_object['SUPER_USERS'] = [username]
|
||||
config_provider.save_yaml(config_object)
|
||||
config_provider.save_config(config_object)
|
||||
|
||||
# Update the in-memory config for the new superuser.
|
||||
superusers.register_superuser(username)
|
||||
|
|
@ -369,7 +369,7 @@ class SuperUserConfigValidate(ApiResource):
|
|||
# Note: This method is called to validate the database configuration before super users exists,
|
||||
# so we also allow it to be called if there is no valid registry configuration setup. Note that
|
||||
# this is also safe since this method does not access any information not given in the request.
|
||||
if not config_provider.yaml_exists() or SuperUserPermission().can():
|
||||
if not config_provider.config_exists() or SuperUserPermission().can():
|
||||
config = request.get_json()['config']
|
||||
return validate_service_for_config(service, config, request.get_json().get('password', ''))
|
||||
|
||||
|
|
|
|||
Reference in a new issue