Commit
8c8efcf6
authored
May 27, 2020
by
Jérome Perrin
WIP node secrets
parent
6c601a08
Showing
2 changed files
with
109 additions
and
3 deletions
+109
-3
slapos/grid/SlapObject.py
slapos/grid/SlapObject.py
+59
-1
slapos/grid/utils.py
slapos/grid/utils.py
+50
-2
slapos/grid/SlapObject.py
...
...
@@ -288,6 +288,7 @@ class Software(object):
additional_parameters
=
list
(
self
.
_additional_buildout_parameters
(
extends_cache
))
additional_parameters
.
extend
([
'-c'
,
buildout_cfg
])
# install real bin/buildout
buildout_binary
=
os
.
path
.
join
(
self
.
software_path
,
'bin'
,
'buildout'
)
buildout_marker
=
buildout_binary
+
"-bootstrap-skipped"
...
...
@@ -303,8 +304,65 @@ class Software(object):
buildout
=
self
.
buildout
,
logger
=
self
.
logger
,
additional_buildout_parameter_list
=
additional_parameters
)
# create a wrapper to load secrets
buildout_secrets_binary
=
os
.
path
.
join
(
self
.
software_path
,
'bin'
,
'slapos-buildout-secrets'
)
with
open
(
buildout_secrets_binary
,
'w'
)
as
buildout_secrets_script
:
buildout_secrets_script
.
write
(
"""#!/srv/slapgrid/slappart3/srv/runner/project/env27/bin/python
# TODO: exec with python from bin/buildout 's shebang
import json
import logging
import os
import urllib2
logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)
logger.addHandler(logging.StreamHandler())
def apply_patches():
with open('/srv/slapgrid/slappart3/srv/runner/project/slapos-auth-check/secrets.json') as f:
config = json.load(f)
urllib_headers = config.get('urllib-headers')
if urllib_headers:
logger.info("installing urllib2 opener")
class ExtraHeadersHTTPSHandler(urllib2.HTTPSHandler, object):
'''custom HTTPSHandler appending request headers
'''
def https_open(self, req):
# type: (urllib2.Request) -> None
host = req.get_host()
extra_headers = urllib_headers.get(host)
if extra_headers:
logger.info("matched request %s", req.get_full_url())
for k, v in extra_headers.items():
req.add_header(k, v)
return super(ExtraHeadersHTTPSHandler, self).https_open(req)
urllib2.install_opener(urllib2.build_opener(ExtraHeadersHTTPSHandler))
gitconfig = os.path.join(os.environ['HOME'], '.gitconfig')
logger.info("adjusting gitconfig at %s", gitconfig)
# at this point slapos should have set HOME
with open(gitconfig, 'a') as f:
for original_url, replacement_url in config['git'].items():
f.write('''
[url "{replacement_url}"]
insteadOf = {original_url}
'''.format(original_url=original_url, replacement_url=replacement_url,))
apply_patches()
with open(os.path.join(os.path.dirname(__file__), 'buildout')) as buildout_f:
exec(buildout_f.read())
"""
)
os
.
chmod
(
buildout_secrets_binary
,
0o700
)
utils
.
launchBuildout
(
path
=
self
.
software_path
,
buildout_binary
=
buildout_binary
,
buildout_binary
=
buildout_
secrets_
binary
,
logger
=
self
.
logger
,
additional_buildout_parameter_list
=
additional_parameters
,
debug
=
self
.
buildout_debug
)
...
...
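Review bot: In the generated `slapos-buildout-secrets` wrapper, `https_open` attaches the per-host secret headers with `req.add_header(k, v)`, and urllib2 copies headers added that way onto the follow-up request when the server answers with a redirect, so a credential configured for one host can end up sent to whichever host the redirect names. `req.add_unredirected_header(k, v)` keeps them on the matched host only. The wrapper also hard-codes a developer-local interpreter and `secrets.json` path under `/srv/slapgrid/slappart3/...` (the TODO covers only the shebang), and it opens `~/.gitconfig` in append mode on every run, so the `insteadOf` entries accumulate and any credentials embedded in the replacement URLs stay in a file whose permissions this code never sets. The enclosing method starts and ends outside the hunk.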
slapos/grid/utils.py
...
...
@@ -254,10 +254,58 @@ def bootstrapBuildout(path, logger, buildout=None,
if
additional_buildout_parameter_list
is
None
:
additional_buildout_parameter_list
=
[]
# Reads uid/gid of path, launches buildout with thoses privileges
stat_info
=
os
.
stat
(
path
)
stat_info
=
os
.
stat
(
path
)
uid
=
stat_info
.
st_uid
gid
=
stat_info
.
st_gid
open
(
'/tmp/secrets.py'
,
'w'
).
write
(
"""
import logging
import os
import json
import urllib2
logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)
logger.addHandler(logging.StreamHandler())
def apply_patches():
with open('/srv/slapgrid/slappart3/srv/runner/project/slapos-auth-check/secrets.json') as f:
config = json.load(f)
urllib_headers = config.get('urllib-headers')
if urllib_headers:
logger.info("installing urllib2 opener")
class ExtraHeadersHTTPSHandler(urllib2.HTTPSHandler, object):
'''custom HTTPSHandler appending request headers
'''
def https_open(self, req):
# type: (urllib2.Request) -> None
host = req.get_host()
extra_headers = urllib_headers.get(host)
if extra_headers:
logger.info("matched request %s", req.get_full_url())
for k, v in extra_headers.items():
req.add_header(k, v)
return super(ExtraHeadersHTTPSHandler, self).https_open(req)
urllib2.install_opener(urllib2.build_opener(ExtraHeadersHTTPSHandler))
gitconfig = os.path.join(os.environ['HOME'], '.gitconfig')
logger.info("adjusting gitconfig at %s", gitconfig)
# at this point slapos should have set HOME
with open(gitconfig, 'a') as f:
for original_url, replacement_url in config['git'].items():
f.write('''
[url "{replacement_url}"]
insteadOf = {original_url}
'''.format(original_url=original_url, replacement_url=replacement_url,))
apply_patches()
"""
)
invocation_list
=
[
sys
.
executable
,
'-S'
]
if
buildout
is
not
None
:
invocation_list
.
append
(
buildout
)
...
...
@@ -275,7 +323,7 @@ def bootstrapBuildout(path, logger, buildout=None,
# buildout is importable, so use this one
invocation_list
.
extend
([
"-c"
,
"import sys ; sys.path="
+
str
(
sys
.
path
)
+
" ; import zc.buildout.buildout ; sys.argv[1:1]="
+
repr
(
additional_buildout_parameter_list
+
[
'bootstrap'
])
+
" ; "
repr
(
additional_buildout_parameter_list
+
[
'bootstrap'
])
+
" ;
exec(open('/tmp/secrets.py').read());
"
"zc.buildout.buildout.main()"
])
if
buildout
is
not
None
:
...
...
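Review bot: The helper script is written to the fixed path `/tmp/secrets.py` and later run through `exec(open('/tmp/secrets.py').read())` in the bootstrap `-c` string, so on a shared host any local user who can pre-create or replace that file in the world-writable `/tmp` controls code executed during bootstrap, and the `open(..., 'w')` will also follow a symlink planted at that name. Write it somewhere only the target user can modify, for example under `path` (whose uid/gid the function already reads), or create it with `tempfile.mkstemp()` and pass the resulting name into the command with `repr()`; wrapping the write in `with open(...) as f:` also guarantees the content is flushed before the child process reads it. The script body duplicates the one embedded in `slapos/grid/SlapObject.py`, including the hard-coded `secrets.json` path, so a single shared definition would keep the two from drifting. `bootstrapBuildout` continues outside the visible hunks, so how privileges are dropped before the child runs is not shown here.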