Check authorization
Some checks failed
Lint Checks / Run linter (pull_request) Failing after 34s
Deploy Test / Run deploy test suite (pull_request) Successful in 4m54s
Webapp Test / Run webapp test suite (pull_request) Successful in 4m42s
K8s Deployment Control Test / Run deployment control suite on kind/k8s (pull_request) Successful in 6m43s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 7m54s
Smoke Test / Run basic test suite (pull_request) Successful in 4m24s

This commit is contained in:
Thomas E Lackey 2024-08-26 18:54:32 -05:00
parent 595cba255b
commit 08b50f983d
3 changed files with 15 additions and 9 deletions

View File

@ -1,5 +1,4 @@
# Copyright © 2023 Vulcanize
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
@ -14,6 +13,7 @@
# along with this program. If not, see <http:#www.gnu.org/licenses/>.
import os
import base64
from kubernetes import client
from typing import Any, List, Set
@ -260,12 +260,12 @@ class ClusterInfo:
for f in os.listdir(cfg_map_path):
full_path = os.path.join(cfg_map_path, f)
if os.path.isfile(full_path):
data[f] = open(full_path, 'rt').read()
data[f] = base64.b64encode(open(full_path, 'rb').read()).decode('ASCII')
spec = client.V1ConfigMap(
metadata=client.V1ObjectMeta(name=f"{self.app_name}-{cfg_map_name}",
labels={"configmap-label": cfg_map_name}),
data=data
binary_data=data
)
result.append(spec)
return result

View File

@ -120,8 +120,13 @@ def process_app_deployment_request(
f"{config_upload_dir}/{app_deployment_request.attributes.config.ref}",
"rb",
) as file:
record_owner = laconic.get_owner(app_deployment_request)
decrypted = gpg.decrypt_file(file, passphrase=private_key_passphrase)
parsed = AttrDict(yaml.safe_load(decrypted))
parsed = AttrDict(yaml.safe_load(decrypted.data))
if record_owner not in parsed.authorized:
raise Exception(
f"{record_owner} not authorized to access config {app_deployment_request.attributes.config.ref}"
)
if "env" in parsed.config:
env.update(parsed.config.env)
@ -132,7 +137,7 @@ def process_app_deployment_request(
if env:
env_filename = tempfile.mktemp()
with open(env_filename, "w") as file:
for k, v in app_deployment_request.attributes.config["env"].items():
for k, v in env.items():
file.write("%s=%s\n" % (k, shlex.quote(str(v))))
# 5. determine new or existing deployment

View File

@ -115,7 +115,7 @@ def command(
# Upload it to the deployer's API
response = requests.post(
deployer_record.attributes.apiUrl,
f"{deployer_record.attributes.apiUrl}/upload/config",
data=result.data,
headers={"Content-Type": "application/octet-stream"},
)
@ -127,6 +127,7 @@ def command(
deployment_request = {
"record": {
"type": "ApplicationDeploymentRequest",
"application": app,
"version": "1.0.0",
"name": f"{app_record.attributes.name}@{app_record.attributes.version}",
"deployer": deployer,
@ -142,7 +143,7 @@ def command(
if make_payment:
amount = 0
if dry_run:
deployment_request["record"]["paymentTx"] = "DRY_RUN"
deployment_request["record"]["payment"] = "DRY_RUN"
elif "auto" == make_payment:
if "minimumPayment" in deployer_record.attributes:
amount = int(
@ -154,10 +155,10 @@ def command(
receipt = laconic.send_tokens(
deployer_record.attributes.paymentAddress, amount
)
deployment_request["record"]["paymentTx"] = receipt.tx.hash
deployment_request["record"]["payment"] = receipt.tx.hash
print("Payment TX:", receipt.tx.hash)
elif use_payment:
deployment_request["record"]["paymentTx"] = use_payment
deployment_request["record"]["payment"] = use_payment
if dry_run:
print(yaml.dump(deployment_request))