From 788e4ea9f76c936c1a79cf9afd06d015da144f37 Mon Sep 17 00:00:00 2001
From: "p.delpy@dkfz-heidelberg.de"
Date: Tue, 25 Jul 2023 14:08:54 +0200
Subject: [PATCH] add generic bash function addBasicAuthUser
---
bridgehead | 4 ++++
ccp/nngm-compose.yml | 7 ++++++-
lib/functions.sh | 24 ++++++++++++++++++++++++
lib/install-bridgehead.sh | 2 +-
lib/sitespecific-functions.sh | 7 +++++++
5 files changed, 42 insertions(+), 2 deletions(-)
create mode 100644 lib/sitespecific-functions.sh
diff --git a/bridgehead b/bridgehead
index 2709f8c..1a88973 100755
--- a/bridgehead
+++ b/bridgehead
@@ -103,6 +103,10 @@ case "$ACTION" in
uninstall)
exec ./lib/uninstall-bridgehead.sh $PROJECT
;;
+ addUser)
+ loadVars
+ exec ./lib/sitespecific-functions.sh $PROJECT
+ ;;
enroll)
loadVars
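Review bot: The new `addUser` branch calls `exec ./lib/sitespecific-functions.sh $PROJECT`, but this patch creates that file with mode 100644, so the exec should fail with a permission error unless the mode is changed elsewhere. Commit the script as 100755 (as `lib/install-bridgehead.sh` is) and quote the argument: `exec ./lib/sitespecific-functions.sh "$PROJECT"`. The argument is currently ignored anyway, because the script sets `PROJECT="ccp"` itself; it should either read `$1` or the branch should stop passing it. The `case` statement begins and continues outside this hunk.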
diff --git a/ccp/nngm-compose.yml b/ccp/nngm-compose.yml
index 47bfa70..18be977 100644
--- a/ccp/nngm-compose.yml
+++ b/ccp/nngm-compose.yml
@@ -18,7 +18,12 @@ services:
- "traefik.http.middlewares.connector_strip.stripprefix.prefixes=/nngm-connector"
- "traefik.http.services.connector.loadbalancer.server.port=8080"
- "traefik.http.routers.connector.tls=true"
- - "traefik.http.routers.connector.middlewares=connector_strip,auth"
+ - "traefik.http.routers.connector.middlewares=connector_strip,auth-nngm"
volumes:
- nngm-rest:/var/log
+ traefik:
+ labels:
+ - "traefik.http.middlewares.auth-nngm.basicauth.users=$NNGM_AUTH"
+
+
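Review bot: The connector router now depends only on `auth-nngm`, whose user list comes from `$NNGM_AUTH`, and nothing here guards against that variable being unset. Compose substitutes an empty string for an unset variable, so a site that has not yet run `addUser` gets `basicauth.users=` with no users. How Traefik treats an empty list is not visible here, so I would fail the deployment early with `"traefik.http.middlewares.auth-nngm.basicauth.users=${NNGM_AUTH:?NNGM_AUTH is not set}"`. It is also worth confirming that the value stored in the `.local.conf` file reaches Compose unchanged, since htpasswd hashes contain `$` and would be altered if that file is sourced by a shell without quoting.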
diff --git a/lib/functions.sh b/lib/functions.sh
index a243842..cd73186 100644
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -183,3 +183,27 @@ function bk_is_running {
##Setting Network properties
# currently not needed
#export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}');
+addBasicAuthUser() {
+ USER="${1}"
+ PASSWORD="${2}"
+ NAME="${3}"
+ PROJECT="${4}"
+ FILE="/etc/bridgehead/${PROJECT}.local.conf"
+ ENCRY_CREDENTIALS="$(docker run --rm docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -nb $USER $PASSWORD | tr -d '\n' | tr -d '\r')"
+ if [ -f $FILE ] && grep -R -q "$NAME=" $FILE # if a basic auth user already exists:
+ then
+ sed -i "/$NAME/ s/$/,$ENCRY_CREDENTIALS/" $FILE
+ else
+ echo -e "\n## Basic Authentication Credentials for:\n$NAME=$ENCRY_CREDENTIALS" >> $FILE;
+ fi
+ read -p "Do you want to have your cleartext credentials saved in your $FILE: [y/n]" yn
+ case $yn in
+ [yYjJ] )
+ echo "ok, variables are saved in $FILE"
+ echo -e "# User: $USER\n# Password: $PASSWORD" >> $FILE;
+ ;;
+ [nN] )
+ echo "skip saving cleartext LDM credentials; make sure to save them somewhere else"
+ ;;
+ esac
+}
\ No newline at end of file
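Review bot: In `addBasicAuthUser` the password is passed to `htpasswd -nb $USER $PASSWORD` as an unquoted command-line argument, so it is visible in the host's process list while `docker run` executes, and any space or glob character in it changes the command; feeding it on stdin with `htpasswd -ni` avoids both. The `sed -i "/$NAME/ s/$/,$ENCRY_CREDENTIALS/"` append also breaks whenever the generated hash contains `/`, which the hash alphabet can include, and `/$NAME/` matches any line that mentions the name, comments included. `USER`, `PASSWORD` and `PROJECT` are assigned without `local`, so the call overwrites the caller's `PROJECT` and the login `USER` variable. The cleartext prompt that follows stores the password beside its hash in the same file, which removes most of the benefit of hashing; I would drop that branch or at least restrict the file's mode (the fence below leaves it unchanged).

```shell
addBasicAuthUser() {
  local USER="$1" PASSWORD="$2" NAME="$3" PROJECT="$4"
  local FILE="/etc/bridgehead/${PROJECT}.local.conf"
  local ENCRY_CREDENTIALS
  # -i reads the password from stdin, keeping it out of argv.
  ENCRY_CREDENTIALS="$(printf '%s\n' "$PASSWORD" \
    | docker run --rm -i docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -ni "$USER" \
    | tr -d '\r\n')"
  if [ -f "$FILE" ] && grep -q "^${NAME}=" "$FILE"; then
    # '|' as delimiter and an anchored address: the hash may contain '/'.
    sed -i "/^${NAME}=/ s|\$|,${ENCRY_CREDENTIALS}|" "$FILE"
  else
    printf '\n## Basic Authentication Credentials for:\n%s=%s\n' "$NAME" "$ENCRY_CREDENTIALS" >> "$FILE"
  fi
  # … unchanged: prompt offering to store the cleartext credentials …
}
```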
diff --git a/lib/install-bridgehead.sh b/lib/install-bridgehead.sh
index c42119f..906e4a1 100755
--- a/lib/install-bridgehead.sh
+++ b/lib/install-bridgehead.sh
@@ -34,7 +34,7 @@ if [ -z "$LDM_PASSWORD" ]; then
generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd"
- echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
+ addBasicAuthUser $PROJECT $generated_passwd "LDM_LOGIN" $PROJECT
fi
log "INFO" "Registering system units for bridgehead and bridgehead-update"
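Review bot: The guard in the hunk header still tests `LDM_PASSWORD`, but the replacement line writes `LDM_LOGIN=<user>:<hash>` and no longer sets `LDM_PASSWORD`. Unless it is set somewhere outside this diff, every later install run will generate a fresh password and append another entry to `LDM_LOGIN`. The guard should test the variable that is now written, e.g. `if [ -z "$LDM_LOGIN" ]; then`, and any consumer of `LDM_PASSWORD` elsewhere needs the matching change. The call should also quote its arguments, `addBasicAuthUser "$PROJECT" "$generated_passwd" "LDM_LOGIN" "$PROJECT"`, and note that it now prompts with `read` during installation, which will stall or be skipped in an unattended run. The `if` block starts outside the hunk.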
diff --git a/lib/sitespecific-functions.sh b/lib/sitespecific-functions.sh
new file mode 100644
index 0000000..55c3142
--- /dev/null
+++ b/lib/sitespecific-functions.sh
@@ -0,0 +1,7 @@
+#!/bin/bash -e
+source lib/functions.sh
+PROJECT="ccp"
+log "INFO" "Adding custom encrypted credentials in /etc/bridgehead/$PROJECT.local.conf"
+read -p "Please enter custom user: " user
+read -s -p "Please enter password (will not be echoed): "$'\n' password
+addBasicAuthUser $user $password "NNGM_AUTH" $PROJECT
\ No newline at end of file
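Review bot: The values read from the terminal are passed on unquoted in `addBasicAuthUser $user $password "NNGM_AUTH" $PROJECT`, so a password containing a space shifts the remaining arguments and the function then derives its target file name from the wrong word. Both `read` calls also lack `-r`, so backslashes in the password are silently dropped. I would use `read -r -p "Please enter custom user: " user`, add `-r` to the password prompt as well, and call `addBasicAuthUser "$user" "$password" "NNGM_AUTH" "$PROJECT"`, rejecting empty input before the call. The `-e` in the shebang is lost when the file is run as `bash lib/sitespecific-functions.sh`; a `set -e` line in the body is more robust, and `source lib/functions.sh` only resolves when the working directory is the repository root.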