Decrypt
Some checks failed
Lint Checks / Run linter (pull_request) Failing after 41s
Smoke Test / Run basic test suite (pull_request) Successful in 5m27s
Webapp Test / Run webapp test suite (pull_request) Successful in 5m27s
Deploy Test / Run deploy test suite (pull_request) Successful in 5m51s
K8s Deployment Control Test / Run deployment control suite on kind/k8s (pull_request) Successful in 7m31s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 9m13s
Some checks failed
Lint Checks / Run linter (pull_request) Failing after 41s
Smoke Test / Run basic test suite (pull_request) Successful in 5m27s
Webapp Test / Run webapp test suite (pull_request) Successful in 5m27s
Deploy Test / Run deploy test suite (pull_request) Successful in 5m51s
K8s Deployment Control Test / Run deployment control suite on kind/k8s (pull_request) Successful in 7m31s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Successful in 9m13s
This commit is contained in:
parent
145271464b
commit
d808da4314
@ -23,11 +23,12 @@ import time
|
||||
import uuid
|
||||
|
||||
import click
|
||||
from pkg_resources import require
|
||||
import gnupg
|
||||
|
||||
from stack_orchestrator.deploy.images import remote_image_exists
|
||||
from stack_orchestrator.deploy.webapp import deploy_webapp
|
||||
from stack_orchestrator.deploy.webapp.util import (
|
||||
AttrDict,
|
||||
LaconicRegistryClient,
|
||||
TimedLogger,
|
||||
build_container_image,
|
||||
@ -41,6 +42,9 @@ from stack_orchestrator.deploy.webapp.util import (
|
||||
skip_by_tag,
|
||||
confirm_payment,
|
||||
)
|
||||
from stack_orchestrator.util import get_yaml
|
||||
|
||||
yaml = get_yaml()
|
||||
|
||||
|
||||
def process_app_deployment_request(
|
||||
@ -57,6 +61,8 @@ def process_app_deployment_request(
|
||||
fqdn_policy,
|
||||
recreate_on_deploy,
|
||||
deployer_record,
|
||||
gpg,
|
||||
config_upload_dir,
|
||||
logger,
|
||||
):
|
||||
logger.log("BEGIN - process_app_deployment_request")
|
||||
@ -108,11 +114,23 @@ def process_app_deployment_request(
|
||||
)
|
||||
|
||||
# 4. get build and runtime config from request
|
||||
env = {}
|
||||
if app_deployment_request.attributes.config:
|
||||
if "ref" in app_deployment_request.attributes.config:
|
||||
with open(
|
||||
f"{config_upload_dir}/{app_deployment_request.attributes.config.ref}",
|
||||
"rb",
|
||||
) as file:
|
||||
decrypted = gpg.decrypt_file(file)
|
||||
parsed = AttrDict(yaml.load(decrypted))
|
||||
if "env" in parsed.config:
|
||||
env.update(parsed.config.env)
|
||||
|
||||
if "env" in app_deployment_request.attributes.config:
|
||||
env.update(app_deployment_request.attributes.config.env)
|
||||
|
||||
env_filename = None
|
||||
if (
|
||||
app_deployment_request.attributes.config
|
||||
and "env" in app_deployment_request.attributes.config
|
||||
):
|
||||
if env:
|
||||
env_filename = tempfile.mktemp()
|
||||
with open(env_filename, "w") as file:
|
||||
for k, v in app_deployment_request.attributes.config["env"].items():
|
||||
@ -328,6 +346,14 @@ def dump_known_requests(filename, requests, status="SEEN"):
|
||||
"my payment address are examined).",
|
||||
is_flag=True,
|
||||
)
|
||||
@click.option(
|
||||
"--config-upload-dir",
|
||||
help="The directory containing uploaded config.",
|
||||
required=True,
|
||||
)
|
||||
@click.option(
|
||||
"--private-key-file", help="The private key for decrypting config.", required=True
|
||||
)
|
||||
@click.pass_context
|
||||
def command( # noqa: C901
|
||||
ctx,
|
||||
@ -351,6 +377,8 @@ def command( # noqa: C901
|
||||
log_dir,
|
||||
min_required_payment,
|
||||
lrn,
|
||||
config_upload_dir,
|
||||
private_key_file,
|
||||
all_requests,
|
||||
):
|
||||
if request_id and discover:
|
||||
@ -384,6 +412,18 @@ def command( # noqa: C901
|
||||
)
|
||||
sys.exit(2)
|
||||
|
||||
tempdir = tempfile.mkdtemp()
|
||||
gpg = gnupg.GPG(gnupghome=tempdir)
|
||||
|
||||
# Import the deployer's public key
|
||||
result = gpg.import_keys(open(private_key_file, "rb").read())
|
||||
if 1 != result.imported:
|
||||
print(
|
||||
f"Failed to load private key file: {private_key_file}.",
|
||||
file=sys.stderr,
|
||||
)
|
||||
sys.exit(2)
|
||||
|
||||
main_logger = TimedLogger(file=sys.stderr)
|
||||
|
||||
try:
|
||||
@ -586,6 +626,8 @@ def command( # noqa: C901
|
||||
fqdn_policy,
|
||||
recreate_on_deploy,
|
||||
deployer_record,
|
||||
gpg,
|
||||
config_upload_dir,
|
||||
build_logger,
|
||||
)
|
||||
status = "DEPLOYED"
|
||||
@ -606,3 +648,5 @@ def command( # noqa: C901
|
||||
except Exception as e:
|
||||
main_logger.log("UNCAUGHT ERROR:" + str(e))
|
||||
raise e
|
||||
finally:
|
||||
shutil.rmtree(tempdir)
|
||||
|
@ -114,9 +114,8 @@ def command(
|
||||
fatal("Failed to encrypt config.")
|
||||
|
||||
# Upload it to the deployer's API
|
||||
# deployer_record.attributes.apiUrl
|
||||
response = requests.post(
|
||||
"http://localhost:9555/upload/config",
|
||||
deployer_record.attributes.apiUrl,
|
||||
data=result.data,
|
||||
headers={"Content-Type": "application/octet-stream"},
|
||||
)
|
||||
|
Loading…
Reference in New Issue
Block a user