From dc0fc286b1fb356293934f30b90e4983e6b6974c Mon Sep 17 00:00:00 2001
From: "p.delpy@dkfz-heidelberg.de"
Date: Thu, 27 Jul 2023 15:38:29 +0200
Subject: [PATCH] add generic bash function addBasicAuthUser
---
bridgehead | 1 -
ccp/nngm-compose.yml | 2 +-
ccp/nngm-setup.sh | 4 ----
lib/functions.sh | 32 +++++++++-----------------------
lib/install-bridgehead.sh | 12 ++++++++----
lib/sitespecific-functions.sh | 14 +++++++++-----
minimal/docker-compose.yml | 2 +-
7 files changed, 28 insertions(+), 39 deletions(-)
mode change 100644 => 100755 lib/sitespecific-functions.sh
diff --git a/bridgehead b/bridgehead
index 1a88973..5319620 100755
--- a/bridgehead
+++ b/bridgehead
@@ -73,7 +73,6 @@ case "$ACTION" in
hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
checkRequirements
hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
- export LDM_LOGIN=$(getLdmPassword)
exec $COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
;;
stop)
diff --git a/ccp/nngm-compose.yml b/ccp/nngm-compose.yml
index 18be977..e61532d 100644
--- a/ccp/nngm-compose.yml
+++ b/ccp/nngm-compose.yml
@@ -24,6 +24,6 @@ services:
traefik:
labels:
- - "traefik.http.middlewares.auth-nngm.basicauth.users=$NNGM_AUTH"
+ - "traefik.http.middlewares.auth-nngm.basicauth.users=${NNGM_AUTH}"
diff --git a/ccp/nngm-setup.sh b/ccp/nngm-setup.sh
index bcc4cd1..cb9590a 100644
--- a/ccp/nngm-setup.sh
+++ b/ccp/nngm-setup.sh
@@ -1,8 +1,4 @@
#!/bin/bash
-##nNGM vars:
-#NNGM_MAGICPL_APIKEY
-#NNGM_CTS_APIKEY
-#NNGM_CRYPTKEY
function nngmSetup() {
if [ -n "$NNGM_CTS_APIKEY" ]; then
diff --git a/lib/functions.sh b/lib/functions.sh
index cd73186..d6c1b85 100644
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -9,14 +9,6 @@ detectCompose() {
fi
}
-getLdmPassword() {
- if [ -n "$LDM_PASSWORD" ]; then
- docker run --rm docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r'
- else
- echo -n ""
- fi
-}
-
exitIfNotRoot() {
if [ "$EUID" -ne 0 ]; then
log "ERROR" "Please run as root"
@@ -34,7 +26,7 @@ checkOwner(){
}
printUsage() {
- echo "Usage: bridgehead start|stop|is-running|update|install|uninstall|enroll PROJECTNAME"
+ echo "Usage: bridgehead start|stop|is-running|update|install|uninstall|addUser|enroll PROJECTNAME"
echo "PROJECTNAME should be one of ccp|bbmri"
}
@@ -183,27 +175,21 @@ function bk_is_running {
##Setting Network properties
# currently not needed
#export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}');
-addBasicAuthUser() {
+
+
+add_basic_auth_user() {
USER="${1}"
PASSWORD="${2}"
NAME="${3}"
PROJECT="${4}"
FILE="/etc/bridgehead/${PROJECT}.local.conf"
ENCRY_CREDENTIALS="$(docker run --rm docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -nb $USER $PASSWORD | tr -d '\n' | tr -d '\r')"
- if [ -f $FILE ] && grep -R -q "$NAME=" $FILE # if a basic auth user already exists:
+ if [ -f $FILE ] && grep -R -q "$NAME=" $FILE # if a specific basic auth user already exists:
then
- sed -i "/$NAME/ s/$/,$ENCRY_CREDENTIALS/" $FILE
+ sed -i "/$NAME/ s|='|='$ENCRY_CREDENTIALS,|" $FILE
else
- echo -e "\n## Basic Authentication Credentials for:\n$NAME=$ENCRY_CREDENTIALS" >> $FILE;
+ echo -e "\n## Basic Authentication Credentials for:\n$NAME='$ENCRY_CREDENTIALS'" >> $FILE;
fi
- read -p "Do you want to have your cleartext credentials saved in your $FILE: [y/n]" yn
- case $yn in
- [yYjJ] )
- echo "ok, variables are saved in $FILE"
- echo -e "# User: $USER\n# Password: $PASSWORD" >> $FILE;
- ;;
- [nN] )
- echo "skip saving cleartext LDM credentials; make sure to save them somewhere else"
- ;;
- esac
+ log DEBUG "Saving clear text credentials in $FILE. If wanted, delete them manually."
+ sed -i "/^$NAME/ s|$|\n# User: $USER\n# Password: $PASSWORD|" $FILE
}
\ No newline at end of file
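Review bot: The tail of add_basic_auth_user now appends the cleartext password to $FILE on every call (`sed -i "/^$NAME/ s|$|\n# User: $USER\n# Password: $PASSWORD|" $FILE`), where the old code asked first, and it announces this only at DEBUG level. Keeping the secret next to its hash removes the benefit of hashing for anyone who can read that file, so this should stay opt-in or be dropped. The password is also passed to `htpasswd -nb` on the docker command line, where it is visible in the process list. It is interpolated unescaped into a sed replacement as well, so a password containing `|`, `&` or `\` corrupts the entry. The sketch below feeds the password on stdin with `htpasswd -i`, quotes the expansions and declares the variables `local` so the function no longer overwrites the caller's `USER` and `PROJECT`.

```shell
add_basic_auth_user() {
  local USER="${1}" PASSWORD="${2}" NAME="${3}" PROJECT="${4}"
  local FILE="/etc/bridgehead/${PROJECT}.local.conf"
  local ENCRY_CREDENTIALS
  # htpasswd -i reads the password from stdin, keeping it out of argv
  ENCRY_CREDENTIALS="$(printf '%s\n' "$PASSWORD" \
    | docker run --rm -i docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -ni "$USER" \
    | tr -d '\n\r')" || return 1
  # … unchanged: grep/sed/echo branch that stores $NAME='<hash>' in $FILE …
  # (the unconditional "# User / # Password" append is dropped)
}
```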
diff --git a/lib/install-bridgehead.sh b/lib/install-bridgehead.sh
index 906e4a1..d0e9964 100755
--- a/lib/install-bridgehead.sh
+++ b/lib/install-bridgehead.sh
@@ -29,12 +29,16 @@ bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
EOF
# TODO: Determine whether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
-if [ -z "$LDM_PASSWORD" ]; then
- log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
+if [ -z "$LDM_AUTH" ]; then
+ log "INFO" "Now generating basic auth for the local data management (see addUser in bridgehead for more information). "
generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
+ add_basic_auth_user $PROJECT $generated_passwd "LDM_AUTH" $PROJECT
+fi
- log "INFO" "Your generated credentials are:\n user: $PROJECT\n password: $generated_passwd"
- addBasicAuthUser $PROJECT $generated_passwd "LDM_LOGIN" $PROJECT
+if [ -z "$NNGM_CTS_APIKEY" ] && [ -z "$NNGM_AUTH" ]; then
+ log "INFO" "Now generating basic auth for nNGM upload API (see addUser in bridgehead for more information). "
+ generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
+ add_basic_auth_user "nngm" $generated_passwd "NNGM_AUTH" $PROJECT
fi
log "INFO" "Registering system units for bridgehead and bridgehead-update"
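Review bot: The nNGM guard `[ -z "$NNGM_CTS_APIKEY" ] && [ -z "$NNGM_AUTH" ]` looks inverted. nngmSetup in ccp/nngm-setup.sh enables nNGM when `NNGM_CTS_APIKEY` is non-empty, so as written the upload credentials appear to be generated only for sites that do not run nNGM, and for every project rather than only ccp. Sites that do run it would then start with an empty `NNGM_AUTH`. If that reading is right, the test should be `if [ -n "$NNGM_CTS_APIKEY" ] && [ -z "$NNGM_AUTH" ]; then`. The generated password is also no longer logged, so operators need to be told where to find it. The surrounding script continues outside this hunk.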
diff --git a/lib/sitespecific-functions.sh b/lib/sitespecific-functions.sh
old mode 100644
new mode 100755
index 55c3142..04db02e
--- a/lib/sitespecific-functions.sh
+++ b/lib/sitespecific-functions.sh
@@ -1,7 +1,11 @@
#!/bin/bash -e
+
source lib/functions.sh
-PROJECT="ccp"
-log "INFO" "Adding custom encrypted credentials in /etc/bridgehead/$PROJECT.local.conf"
-read -p "Please enter custom user: " user
-read -s -p "Please enter password (will not be echoed): "$'\n' password
-addBasicAuthUser $user $password "NNGM_AUTH" $PROJECT
\ No newline at end of file
+
+PROJECT=$1
+
+log "INFO" "Adding encrypted credentials in /etc/bridgehead/$PROJECT.local.conf"
+read -p "Please choose the component (LDM_AUTH|NNGM_AUTH) you want to add a user to : " COMPONENT
+read -p "Please enter a username: " USER
+read -s -p "Please enter a password (will not be echoed): "$'\n' PASSWORD
+add_basic_auth_user $USER $PASSWORD $COMPONENT $PROJECT
\ No newline at end of file
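Review bot: The prompted values reach add_basic_auth_user unquoted and unvalidated, so a password containing a space or glob character is word-split and shifts the remaining arguments. `COMPONENT` is then used as a sed address and as a variable name written into the conf file, so it should be restricted to the two names the prompt offers. Quote the call as `add_basic_auth_user "$USER" "$PASSWORD" "$COMPONENT" "$PROJECT"` and reject other components with `case "$COMPONENT" in LDM_AUTH|NNGM_AUTH) ;; *) log "ERROR" "unknown component"; exit 1 ;; esac`. The `read` calls should use `-r` so backslashes in the password are kept, and `PROJECT=$1` should fail early when no argument is given, for example `PROJECT="${1:?project name required}"`.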
diff --git a/minimal/docker-compose.yml b/minimal/docker-compose.yml
index cd4c2e5..055f683 100644
--- a/minimal/docker-compose.yml
+++ b/minimal/docker-compose.yml
@@ -21,7 +21,7 @@ services:
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.middlewares=auth"
- - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
+ - "traefik.http.middlewares.auth.basicauth.users=${LDM_AUTH}"
ports:
- 80:80
- 443:443
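Review bot: Existing installations are not given a migration path from `LDM_PASSWORD` to the `LDM_AUTH` that this label now requires. The commit removes the `export LDM_LOGIN=$(getLdmPassword)` step from the start path, and the only place visible here that creates `LDM_AUTH` is lib/install-bridgehead.sh. A site that has only `LDM_PASSWORD` in its conf would presumably start with an empty `basicauth.users` value after updating. Confirm how Traefik treats an empty user list for the `auth` middleware, and either derive `LDM_AUTH` from an existing `LDM_PASSWORD` at start or fail with a clear message when it is unset.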