add generic bash function addBasicAuthUser

bridgehead

@@ -73,7 +73,6 @@ case "$ACTION" in
 		hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
 		checkRequirements
 		hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
-		export LDM_LOGIN=$(getLdmPassword)
 		exec $COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
 		;;
 	stop)

ccp/nngm-compose.yml

@@ -24,6 +24,6 @@ services:
 
   traefik:
     labels:
-      - "traefik.http.middlewares.auth-nngm.basicauth.users=$NNGM_AUTH"
+      - "traefik.http.middlewares.auth-nngm.basicauth.users=${NNGM_AUTH}"
 
 

ccp/nngm-setup.sh

@@ -1,8 +1,4 @@
 #!/bin/bash
-##nNGM vars:
-#NNGM_MAGICPL_APIKEY
-#NNGM_CTS_APIKEY
-#NNGM_CRYPTKEY
 
 function nngmSetup() {
 	if [ -n "$NNGM_CTS_APIKEY" ]; then

lib/functions.sh

@@ -9,14 +9,6 @@ detectCompose() {
 	fi
 }
 
-getLdmPassword() {
-	if [ -n "$LDM_PASSWORD" ]; then
-		docker run --rm docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r'
-	else
-		echo -n ""
-	fi
-}
-
 exitIfNotRoot() {
   if [ "$EUID" -ne 0 ]; then
     log "ERROR" "Please run as root"
@@ -34,7 +26,7 @@ checkOwner(){
 }
 
 printUsage() {
-	echo "Usage: bridgehead start|stop|is-running|update|install|uninstall|enroll PROJECTNAME"
+	echo "Usage: bridgehead start|stop|is-running|update|install|uninstall|addUser|enroll PROJECTNAME"
 	echo "PROJECTNAME should be one of ccp|bbmri"
 }
 
@@ -183,27 +175,21 @@ function bk_is_running {
 ##Setting Network properties
 # currently not needed
 #export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}');
-addBasicAuthUser() {
+
+
+add_basic_auth_user() {
   USER="${1}"
   PASSWORD="${2}"
   NAME="${3}"
   PROJECT="${4}"
   FILE="/etc/bridgehead/${PROJECT}.local.conf"
   ENCRY_CREDENTIALS="$(docker run --rm docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -nb $USER $PASSWORD  | tr -d '\n' | tr -d '\r')"
-  if [ -f $FILE ] && grep -R -q "$NAME=" $FILE # if a basic auth user already exists:
+  if [ -f $FILE ] && grep -R -q "$NAME=" $FILE # if a specific basic auth user already exists:
   then
-    sed -i "/$NAME/ s/$/,$ENCRY_CREDENTIALS/" $FILE
+    sed -i "/$NAME/ s|='|='$ENCRY_CREDENTIALS,|" $FILE
   else
-    echo -e "\n## Basic Authentication Credentials for:\n$NAME=$ENCRY_CREDENTIALS" >> $FILE;
+    echo -e "\n## Basic Authentication Credentials for:\n$NAME='$ENCRY_CREDENTIALS'" >> $FILE;
   fi
-  read -p "Do you want to have your cleartext credentials saved in your $FILE: [y/n]" yn
+	log DEBUG "Saving clear text credentials in $FILE. If wanted, delete them manually."
-  case $yn in
+  sed -i "/^$NAME/ s|$|\n# User: $USER\n# Password: $PASSWORD|" $FILE
-      [yYjJ] )
-        echo "ok, variables are saved in $FILE"
-        echo -e "# User: $USER\n# Password: $PASSWORD" >> $FILE;
-        ;;
-      [nN] )
-        echo "skip saving cleartext LDM credentials; make sure to save them somewhere else"
-        ;;
-  esac
 }

lib/install-bridgehead.sh

@@ -29,12 +29,16 @@ bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
 EOF
 
 # TODO: Determine whether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
-if [ -z "$LDM_PASSWORD" ]; then
+if [ -z "$LDM_AUTH" ]; then
-  log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
+  log "INFO" "Now generating basic auth for the local data management (see addUser in bridgehead for more information). "
   generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
+  add_basic_auth_user $PROJECT $generated_passwd "LDM_AUTH" $PROJECT
+fi
 
-  log "INFO" "Your generated credentials are:\n            user: $PROJECT\n            password: $generated_passwd"
+if [ -z "$NNGM_CTS_APIKEY" ] && [ -z "$NNGM_AUTH" ]; then
-  addBasicAuthUser $PROJECT $generated_passwd "LDM_LOGIN" $PROJECT
+  log "INFO" "Now generating basic auth for nNGM upload API (see addUser in bridgehead for more information). "
+  generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
+  add_basic_auth_user "nngm" $generated_passwd "NNGM_AUTH" $PROJECT
 fi
 
 log "INFO" "Registering system units for bridgehead and bridgehead-update"

lib/sitespecific-functions.sh

@@ -1,7 +1,11 @@
 #!/bin/bash -e
+
 source lib/functions.sh
-PROJECT="ccp"
+
-log "INFO" "Adding custom encrypted credentials in /etc/bridgehead/$PROJECT.local.conf"
+PROJECT=$1
-read -p "Please enter custom user: " user
+
-read -s -p "Please enter password (will not be echoed): "$'\n' password
+log "INFO" "Adding encrypted credentials in /etc/bridgehead/$PROJECT.local.conf"
-addBasicAuthUser $user $password "NNGM_AUTH" $PROJECT
+read -p "Please choose the component (LDM_AUTH|NNGM_AUTH) you want to add a user to : " COMPONENT
+read -p "Please enter a username: " USER
+read -s -p "Please enter a password (will not be echoed): "$'\n' PASSWORD
+add_basic_auth_user $USER $PASSWORD $COMPONENT $PROJECT

minimal/docker-compose.yml

@@ -21,7 +21,7 @@ services:
       - "traefik.http.routers.dashboard.service=api@internal"
       - "traefik.http.routers.dashboard.tls=true"
       - "traefik.http.routers.dashboard.middlewares=auth"
-      - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
+      - "traefik.http.middlewares.auth.basicauth.users=${LDM_AUTH}"
     ports:
       - 80:80
       - 443:443