Decrypt
Some checks failed
Lint Checks / Run linter (pull_request) Failing after 41s
Smoke Test / Run basic test suite (pull_request) Successful in 5m27s
Webapp Test / Run webapp test suite (pull_request) Successful in 5m27s
Deploy Test / Run deploy test suite (pull_request) Successful in 5m51s
K8s Deployment Control Test / Run deployment control suite on kind/k8s (pull_request) Successful in 7m31s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 9m13s

Thomas E Lackey 2024-08-24 00:43:09 -05:00
parent 145271464b
commit d808da4314
2 changed files with 50 additions and 7 deletions


@ -23,11 +23,12 @@ import time
import uuid import uuid
import click import click
from pkg_resources import require import gnupg
from stack_orchestrator.deploy.images import remote_image_exists from stack_orchestrator.deploy.images import remote_image_exists
from stack_orchestrator.deploy.webapp import deploy_webapp from stack_orchestrator.deploy.webapp import deploy_webapp
from stack_orchestrator.deploy.webapp.util import ( from stack_orchestrator.deploy.webapp.util import (
AttrDict,
LaconicRegistryClient, LaconicRegistryClient,
TimedLogger, TimedLogger,
build_container_image, build_container_image,
@ -41,6 +42,9 @@ from stack_orchestrator.deploy.webapp.util import (
skip_by_tag, skip_by_tag,
confirm_payment, confirm_payment,
) )
from stack_orchestrator.util import get_yaml
yaml = get_yaml()
def process_app_deployment_request( def process_app_deployment_request(
@ -57,6 +61,8 @@ def process_app_deployment_request(
fqdn_policy, fqdn_policy,
recreate_on_deploy, recreate_on_deploy,
deployer_record, deployer_record,
gpg,
config_upload_dir,
logger, logger,
): ):
logger.log("BEGIN - process_app_deployment_request") logger.log("BEGIN - process_app_deployment_request")
@ -108,11 +114,23 @@ def process_app_deployment_request(
) )
# 4. get build and runtime config from request # 4. get build and runtime config from request
env = {}
if app_deployment_request.attributes.config:
if "ref" in app_deployment_request.attributes.config:
with open(
f"{config_upload_dir}/{app_deployment_request.attributes.config.ref}",
"rb",
) as file:
decrypted = gpg.decrypt_file(file)
parsed = AttrDict(yaml.load(decrypted))
if "env" in parsed.config:
env.update(parsed.config.env)
if "env" in app_deployment_request.attributes.config:
env.update(app_deployment_request.attributes.config.env)
env_filename = None env_filename = None
if ( if env:
app_deployment_request.attributes.config
and "env" in app_deployment_request.attributes.config
):
env_filename = tempfile.mktemp() env_filename = tempfile.mktemp()
with open(env_filename, "w") as file: with open(env_filename, "w") as file:
for k, v in app_deployment_request.attributes.config["env"].items(): for k, v in app_deployment_request.attributes.config["env"].items():
@ -328,6 +346,14 @@ def dump_known_requests(filename, requests, status="SEEN"):
"my payment address are examined).", "my payment address are examined).",
is_flag=True, is_flag=True,
) )
@click.option(
"--config-upload-dir",
help="The directory containing uploaded config.",
required=True,
)
@click.option(
"--private-key-file", help="The private key for decrypting config.", required=True
)
@click.pass_context @click.pass_context
def command( # noqa: C901 def command( # noqa: C901
ctx, ctx,
@ -351,6 +377,8 @@ def command( # noqa: C901
log_dir, log_dir,
min_required_payment, min_required_payment,
lrn, lrn,
config_upload_dir,
private_key_file,
all_requests, all_requests,
): ):
if request_id and discover: if request_id and discover:
@ -384,6 +412,18 @@ def command( # noqa: C901
) )
sys.exit(2) sys.exit(2)
tempdir = tempfile.mkdtemp()
gpg = gnupg.GPG(gnupghome=tempdir)
# Import the deployer's public key
result = gpg.import_keys(open(private_key_file, "rb").read())
if 1 != result.imported:
print(
f"Failed to load private key file: {private_key_file}.",
file=sys.stderr,
)
sys.exit(2)
main_logger = TimedLogger(file=sys.stderr) main_logger = TimedLogger(file=sys.stderr)
try: try:
@ -586,6 +626,8 @@ def command( # noqa: C901
fqdn_policy, fqdn_policy,
recreate_on_deploy, recreate_on_deploy,
deployer_record, deployer_record,
gpg,
config_upload_dir,
build_logger, build_logger,
) )
status = "DEPLOYED" status = "DEPLOYED"
@ -606,3 +648,5 @@ def command( # noqa: C901
except Exception as e: except Exception as e:
main_logger.log("UNCAUGHT ERROR:" + str(e)) main_logger.log("UNCAUGHT ERROR:" + str(e))
raise e raise e
finally:
shutil.rmtree(tempdir)
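Review bot: In the `# 4. get build and runtime config` hunk the env file is still written from `app_deployment_request.attributes.config["env"].items()`, so values merged from the decrypted config never reach it and a request that carries only `ref` would fail on the missing `env` key; the loop should read `env.items()`. In the same hunk `config.ref` comes from the request record and is joined to `config_upload_dir` unchecked, so a ref containing `../` could make the deployer open a file outside the upload directory; resolve the path and confirm it stays under the upload root. The result of `gpg.decrypt_file` is also used without testing `decrypted.ok`, and the result object rather than `decrypted.data` is handed to `yaml.load`, which looks unintended. The sketch below assumes `os` is already imported in this module, and the function continues outside the hunk.

```python
    # 4. get build and runtime config from request
    env = {}
    config = app_deployment_request.attributes.config
    if config:
        if "ref" in config:
            # ref is supplied by the request; it must resolve inside config_upload_dir
            upload_root = os.path.realpath(config_upload_dir)
            config_path = os.path.realpath(os.path.join(upload_root, config.ref))
            if os.path.commonpath([upload_root, config_path]) != upload_root:
                raise Exception(f"Config ref is outside the upload dir: {config.ref}")
            with open(config_path, "rb") as file:
                decrypted = gpg.decrypt_file(file)
            if not decrypted.ok:
                raise Exception(f"Failed to decrypt config: {decrypted.status}")
            parsed = AttrDict(yaml.load(decrypted.data))
            # … unchanged: merge parsed.config.env into env …
        # … unchanged: merge the request's inline config.env into env …

    # … unchanged: env_filename = None / if env: / tempfile.mktemp() / open(...) …
            for k, v in env.items():
```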


@ -114,9 +114,8 @@ def command(
fatal("Failed to encrypt config.") fatal("Failed to encrypt config.")
# Upload it to the deployer's API # Upload it to the deployer's API
# deployer_record.attributes.apiUrl
response = requests.post( response = requests.post(
"http://localhost:9555/upload/config", deployer_record.attributes.apiUrl,
data=result.data, data=result.data,
headers={"Content-Type": "application/octet-stream"}, headers={"Content-Type": "application/octet-stream"},
) )
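Review bot: The POST now targets `deployer_record.attributes.apiUrl` as-is, while the removed literal ended in `/upload/config`; unless the record's apiUrl already includes that path the upload will hit the wrong endpoint, so `f"{deployer_record.attributes.apiUrl}/upload/config"` may be what is intended. Because the URL now comes from a registry record rather than a constant, it is worth checking that it is an `http(s)` URL before posting, and passing a `timeout=` to `requests.post`, which otherwise waits indefinitely on an unresponsive deployer. The handling of `response` is outside this hunk.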