diff --git a/stack_orchestrator/deploy/k8s/cluster_info.py b/stack_orchestrator/deploy/k8s/cluster_info.py index 0a1f4a71..ba01f6f5 100644 --- a/stack_orchestrator/deploy/k8s/cluster_info.py +++ b/stack_orchestrator/deploy/k8s/cluster_info.py @@ -1,5 +1,4 @@ # Copyright © 2023 Vulcanize - # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or @@ -14,6 +13,7 @@ # along with this program. If not, see . import os +import base64 from kubernetes import client from typing import Any, List, Set @@ -260,12 +260,12 @@ class ClusterInfo: for f in os.listdir(cfg_map_path): full_path = os.path.join(cfg_map_path, f) if os.path.isfile(full_path): - data[f] = open(full_path, 'rt').read() + data[f] = base64.b64encode(open(full_path, 'rb').read()).decode('ASCII') spec = client.V1ConfigMap( metadata=client.V1ObjectMeta(name=f"{self.app_name}-{cfg_map_name}", labels={"configmap-label": cfg_map_name}), - data=data + binary_data=data ) result.append(spec) return result diff --git a/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py b/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py index 85414594..5da1f4eb 100644 --- a/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py +++ b/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py @@ -120,8 +120,13 @@ def process_app_deployment_request( f"{config_upload_dir}/{app_deployment_request.attributes.config.ref}", "rb", ) as file: + record_owner = laconic.get_owner(app_deployment_request) decrypted = gpg.decrypt_file(file, passphrase=private_key_passphrase) - parsed = AttrDict(yaml.safe_load(decrypted)) + parsed = AttrDict(yaml.safe_load(decrypted.data)) + if record_owner not in parsed.authorized: + raise Exception( + f"{record_owner} not authorized to access config {app_deployment_request.attributes.config.ref}" + ) if "env" in parsed.config: env.update(parsed.config.env) @@ -132,7 +137,7 @@ def process_app_deployment_request( if env: env_filename = tempfile.mktemp() with open(env_filename, "w") as file: - for k, v in app_deployment_request.attributes.config["env"].items(): + for k, v in env.items(): file.write("%s=%s\n" % (k, shlex.quote(str(v)))) # 5. determine new or existing deployment diff --git a/stack_orchestrator/deploy/webapp/request_webapp_deployment.py b/stack_orchestrator/deploy/webapp/request_webapp_deployment.py index 0c219df1..1197e6f5 100644 --- a/stack_orchestrator/deploy/webapp/request_webapp_deployment.py +++ b/stack_orchestrator/deploy/webapp/request_webapp_deployment.py @@ -115,7 +115,7 @@ def command( # Upload it to the deployer's API response = requests.post( - deployer_record.attributes.apiUrl, + f"{deployer_record.attributes.apiUrl}/upload/config", data=result.data, headers={"Content-Type": "application/octet-stream"}, ) @@ -127,6 +127,7 @@ def command( deployment_request = { "record": { "type": "ApplicationDeploymentRequest", + "application": app, "version": "1.0.0", "name": f"{app_record.attributes.name}@{app_record.attributes.version}", "deployer": deployer, @@ -142,7 +143,7 @@ def command( if make_payment: amount = 0 if dry_run: - deployment_request["record"]["paymentTx"] = "DRY_RUN" + deployment_request["record"]["payment"] = "DRY_RUN" elif "auto" == make_payment: if "minimumPayment" in deployer_record.attributes: amount = int( @@ -154,10 +155,10 @@ def command( receipt = laconic.send_tokens( deployer_record.attributes.paymentAddress, amount ) - deployment_request["record"]["paymentTx"] = receipt.tx.hash + deployment_request["record"]["payment"] = receipt.tx.hash print("Payment TX:", receipt.tx.hash) elif use_payment: - deployment_request["record"]["paymentTx"] = use_payment + deployment_request["record"]["payment"] = use_payment if dry_run: print(yaml.dump(deployment_request))