[Git][reproducible-builds/debian-rebuilder-setup][master] Add authentication to accumulator

Tue Nov 6 00:11:02 CET 2018

kpcyrd pushed to branch master at Reproducible Builds / debian-rebuilder-setup


Commits:
37da5575 by kpcyrd at 2018-11-05T23:00:51Z
Add authentication to accumulator

- - - - -


11 changed files:

- + .gitignore
- ansible.cfg
- builder/srebuild
- external_vars.yml
- + host_vars/default/accumulator.yml
- roles/builders/tasks/main.yml
- + roles/builders/templates/netrc.j2
- + roles/visualizers/files/htpasswd
- roles/visualizers/tasks/main.yml
- visualizer/accumulator.py
- visualizer/requirements.txt


Changes:

=====================================
.gitignore
=====================================
@@ -0,0 +1 @@
+/vault_password_file


=====================================
ansible.cfg
=====================================
@@ -2,3 +2,4 @@
 inventory = ./inventory
 roles_path = ./roles
 retry_files_enabled = False
+vault_password_file = vault_password_file


=====================================
builder/srebuild
=====================================
@@ -451,7 +451,7 @@ system_fatal "cat", $lnk;
 system_fatal "cat", $buildinfo_file;
 
 foreach my $visualizer (@ARGV) {
-  system_fatal "curl", "-fF", "metadata=\@$lnk", "-F", "buildinfo=\@$buildinfo_file", "$visualizer";
+  system_fatal "curl", "-fF", "--netrc-file", "/etc/srebuild-netrc", "metadata=\@$lnk", "-F", "buildinfo=\@$buildinfo_file", "$visualizer";
 }
 
 say STDOUT "everything is okay!";


=====================================
external_vars.yml
=====================================
@@ -7,3 +7,6 @@ http_template_enable: true
 
 rebuilder_publish:
 - http://127.0.0.1/new_build
+
+publish_domain_names:
+- 127.0.0.1


=====================================
host_vars/default/accumulator.yml
=====================================
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+61366235303364383335323862386331303239313661376530646364653064333364326264393238
+3365336130353839623163613839623063303864663661350a656562653037346533623534353934
+65393137653664376131666635663062316263386538383461636561336437366332653536653436
+3634333366643463360a316332356236336633353164313131323139343164303734653732663937
+61623462666634623965383566396262623234623532623436636365326439373537623132303962
+61646562333039396462633766356631373361386663326362323364393535626364336661326162
+363938646231623939643030313861393364


=====================================
roles/builders/tasks/main.yml
=====================================
@@ -21,6 +21,12 @@
     src: srebuild-endpoints.j2
     dest: /etc/srebuild-endpoints
 
+- name: Add credential file
+  template:
+    src: netrc.j2
+    dest: /etc/srebuild-netrc
+    mode: 0600
+
 - name: Copy srebuild
   copy:
     src: ../../../builder/srebuild


=====================================
roles/builders/templates/netrc.j2
=====================================
@@ -0,0 +1,3 @@
+{% for name in publish_domain_names %}
+machine {{ name }} login default password {{ accumulator_password }}
+{% endfor %}


=====================================
roles/visualizers/files/htpasswd
=====================================
@@ -0,0 +1 @@
+default:$2y$05$FeNU3Itv3yzMX3/X2PaWbOAdtLjKeP0/nohDKBc58Q7Ig/AJenvMy


=====================================
roles/visualizers/tasks/main.yml
=====================================
@@ -37,6 +37,11 @@
   notify:
     - restart gunicorn-visualizer
 
+- name: Copy htpasswd
+  copy:
+    src: htpasswd
+    dest: /etc/nginx/htpasswd
+
 - name: Copy nginx config
   copy: src=default.conf dest=/etc/nginx/conf.d/default.conf
   notify: "(Handler: All OSs) Reload NGINX"


=====================================
visualizer/accumulator.py
=====================================
@@ -1,11 +1,15 @@
 from debian.deb822 import Deb822
 from flask import g, request, Flask
+from flask_htpasswd import HtPasswdAuth
 from os import mkdir
 from os.path import join
 from sqlite3 import connect
 from time import time
 
 app = Flask(__name__)
+app.config['FLASK_HTPASSWD_PATH'] = '/etc/nginx/htpasswd'
+
+htpasswd = HtPasswdAuth(app)
 
 DIR = '/var/builds/'
 DATABASE = '/var/rebuilder.db'
@@ -31,6 +35,7 @@ def close_connection(exception):
 
 
 @app.route('/new_build', methods=['POST'])
+ at htpasswd.required
 def new_build():
     metadata = request.files['metadata']
     buildinfo = request.files['buildinfo']


=====================================
visualizer/requirements.txt
=====================================
@@ -1,3 +1,4 @@
 flask
 gunicorn
 python-debian
+flask-htpasswd



View it on GitLab: https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup/commit/37da557518d41079d6d6fec881ebd6a28b8bbda3

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/debian-rebuilder-setup/commit/37da557518d41079d6d6fec881ebd6a28b8bbda3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20181105/d7f2dc27/attachment.html>
