From 788e4ea9f76c936c1a79cf9afd06d015da144f37 Mon Sep 17 00:00:00 2001 From: "p.delpy@dkfz-heidelberg.de" Date: Tue, 25 Jul 2023 14:08:54 +0200 Subject: [PATCH] add generic bash function addBasicAuthUser --- bridgehead | 4 ++++ ccp/nngm-compose.yml | 7 ++++++- lib/functions.sh | 24 ++++++++++++++++++++++++ lib/install-bridgehead.sh | 2 +- lib/sitespecific-functions.sh | 7 +++++++ 5 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 lib/sitespecific-functions.sh diff --git a/bridgehead b/bridgehead index 2709f8c..1a88973 100755 --- a/bridgehead +++ b/bridgehead @@ -103,6 +103,10 @@ case "$ACTION" in uninstall) exec ./lib/uninstall-bridgehead.sh $PROJECT ;; + addUser) + loadVars + exec ./lib/sitespecific-functions.sh $PROJECT + ;; enroll) loadVars diff --git a/ccp/nngm-compose.yml b/ccp/nngm-compose.yml index 47bfa70..18be977 100644 --- a/ccp/nngm-compose.yml +++ b/ccp/nngm-compose.yml @@ -18,7 +18,12 @@ services: - "traefik.http.middlewares.connector_strip.stripprefix.prefixes=/nngm-connector" - "traefik.http.services.connector.loadbalancer.server.port=8080" - "traefik.http.routers.connector.tls=true" - - "traefik.http.routers.connector.middlewares=connector_strip,auth" + - "traefik.http.routers.connector.middlewares=connector_strip,auth-nngm" volumes: - nngm-rest:/var/log + traefik: + labels: + - "traefik.http.middlewares.auth-nngm.basicauth.users=$NNGM_AUTH" + + diff --git a/lib/functions.sh b/lib/functions.sh index a243842..cd73186 100644 --- a/lib/functions.sh +++ b/lib/functions.sh @@ -183,3 +183,27 @@ function bk_is_running { ##Setting Network properties # currently not needed #export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}'); +addBasicAuthUser() { + USER="${1}" + PASSWORD="${2}" + NAME="${3}" + PROJECT="${4}" + FILE="/etc/bridgehead/${PROJECT}.local.conf" + ENCRY_CREDENTIALS="$(docker run --rm docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -nb $USER $PASSWORD | tr -d '\n' | tr -d '\r')" + if [ -f $FILE ] && grep -R -q "$NAME=" $FILE # if a basic auth user already exists: + then + sed -i "/$NAME/ s/$/,$ENCRY_CREDENTIALS/" $FILE + else + echo -e "\n## Basic Authentication Credentials for:\n$NAME=$ENCRY_CREDENTIALS" >> $FILE; + fi + read -p "Do you want to have your cleartext credentials saved in your $FILE: [y/n]" yn + case $yn in + [yYjJ] ) + echo "ok, variables are saved in $FILE" + echo -e "# User: $USER\n# Password: $PASSWORD" >> $FILE; + ;; + [nN] ) + echo "skip saving cleartext LDM credentials; make sure to save them somewhere else" + ;; + esac +} \ No newline at end of file diff --git a/lib/install-bridgehead.sh b/lib/install-bridgehead.sh index c42119f..906e4a1 100755 --- a/lib/install-bridgehead.sh +++ b/lib/install-bridgehead.sh @@ -34,7 +34,7 @@ if [ -z "$LDM_PASSWORD" ]; then generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)" log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd" - echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf; + addBasicAuthUser $PROJECT $generated_passwd "LDM_LOGIN" $PROJECT fi log "INFO" "Registering system units for bridgehead and bridgehead-update" diff --git a/lib/sitespecific-functions.sh b/lib/sitespecific-functions.sh new file mode 100644 index 0000000..55c3142 --- /dev/null +++ b/lib/sitespecific-functions.sh @@ -0,0 +1,7 @@ +#!/bin/bash -e +source lib/functions.sh +PROJECT="ccp" +log "INFO" "Adding custom encrypted credentials in /etc/bridgehead/$PROJECT.local.conf" +read -p "Please enter custom user: " user +read -s -p "Please enter password (will not be echoed): "$'\n' password +addBasicAuthUser $user $password "NNGM_AUTH" $PROJECT \ No newline at end of file