Check authorization

stack_orchestrator/deploy/k8s/cluster_info.py

@@ -1,5 +1,4 @@
 # Copyright © 2023 Vulcanize
-
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
@@ -14,6 +13,7 @@
 # along with this program.  If not, see <http:#www.gnu.org/licenses/>.
 
 import os
+import base64
 
 from kubernetes import client
 from typing import Any, List, Set
@@ -260,12 +260,12 @@ class ClusterInfo:
             for f in os.listdir(cfg_map_path):
                 full_path = os.path.join(cfg_map_path, f)
                 if os.path.isfile(full_path):
-                    data[f] = open(full_path, 'rt').read()
+                    data[f] = base64.b64encode(open(full_path, 'rb').read()).decode('ASCII')
 
             spec = client.V1ConfigMap(
                 metadata=client.V1ObjectMeta(name=f"{self.app_name}-{cfg_map_name}",
                                              labels={"configmap-label": cfg_map_name}),
-                data=data
+                binary_data=data
             )
             result.append(spec)
         return result

stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py

@@ -120,8 +120,13 @@ def process_app_deployment_request(
                 f"{config_upload_dir}/{app_deployment_request.attributes.config.ref}",
                 "rb",
             ) as file:
+                record_owner = laconic.get_owner(app_deployment_request)
                 decrypted = gpg.decrypt_file(file, passphrase=private_key_passphrase)
-                parsed = AttrDict(yaml.safe_load(decrypted))
+                parsed = AttrDict(yaml.safe_load(decrypted.data))
+                if record_owner not in parsed.authorized:
+                    raise Exception(
+                        f"{record_owner} not authorized to access config {app_deployment_request.attributes.config.ref}"
+                    )
                 if "env" in parsed.config:
                     env.update(parsed.config.env)
 
@@ -132,7 +137,7 @@ def process_app_deployment_request(
     if env:
         env_filename = tempfile.mktemp()
         with open(env_filename, "w") as file:
-            for k, v in app_deployment_request.attributes.config["env"].items():
+            for k, v in env.items():
                 file.write("%s=%s\n" % (k, shlex.quote(str(v))))
 
     # 5. determine new or existing deployment

stack_orchestrator/deploy/webapp/request_webapp_deployment.py

@@ -115,7 +115,7 @@ def command(
 
             # Upload it to the deployer's API
             response = requests.post(
-                deployer_record.attributes.apiUrl,
+                f"{deployer_record.attributes.apiUrl}/upload/config",
                 data=result.data,
                 headers={"Content-Type": "application/octet-stream"},
             )
@@ -127,6 +127,7 @@ def command(
         deployment_request = {
             "record": {
                 "type": "ApplicationDeploymentRequest",
+                "application": app,
                 "version": "1.0.0",
                 "name": f"{app_record.attributes.name}@{app_record.attributes.version}",
                 "deployer": deployer,
@@ -142,7 +143,7 @@ def command(
         if make_payment:
             amount = 0
             if dry_run:
-                deployment_request["record"]["paymentTx"] = "DRY_RUN"
+                deployment_request["record"]["payment"] = "DRY_RUN"
             elif "auto" == make_payment:
                 if "minimumPayment" in deployer_record.attributes:
                     amount = int(
@@ -154,10 +155,10 @@ def command(
                 receipt = laconic.send_tokens(
                     deployer_record.attributes.paymentAddress, amount
                 )
-                deployment_request["record"]["paymentTx"] = receipt.tx.hash
+                deployment_request["record"]["payment"] = receipt.tx.hash
                 print("Payment TX:", receipt.tx.hash)
         elif use_payment:
-            deployment_request["record"]["paymentTx"] = use_payment
+            deployment_request["record"]["payment"] = use_payment
 
         if dry_run:
             print(yaml.dump(deployment_request))