add generic bash function addBasicAuthUser

2023-07-27 15:38:29 +02:00 · 2023-07-27 15:38:29 +02:00 · dc0fc286b1
parent 788e4ea9f7
commit dc0fc286b1
7 changed files with 28 additions and 39 deletions
--- a/1
+++ b/1
@ -73,7 +73,6 @@ case "$ACTION" in
 		hc_send log "Bridgehead $PROJECT startup: Checking requirements ..."
 		checkRequirements
 		hc_send log "Bridgehead $PROJECT startup: Requirements checked out. Now starting bridgehead ..."
-		export LDM_LOGIN=$(getLdmPassword)
 		exec $COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE up --abort-on-container-exit
 		;;
 	stop)
--- a/ccp/nngm-compose.yml
+++ b/ccp/nngm-compose.yml
@ -24,6 +24,6 @@ services:

  traefik:
    labels:
-      - "traefik.http.middlewares.auth-nngm.basicauth.users=$NNGM_AUTH"
+      - "traefik.http.middlewares.auth-nngm.basicauth.users=${NNGM_AUTH}"


--- a/ccp/nngm-setup.sh
+++ b/ccp/nngm-setup.sh
@ -1,8 +1,4 @@
 #!/bin/bash
-##nNGM vars:
-#NNGM_MAGICPL_APIKEY
-#NNGM_CTS_APIKEY
-#NNGM_CRYPTKEY

 function nngmSetup() {
 	if [ -n "$NNGM_CTS_APIKEY" ]; then
--- a/lib/functions.sh
+++ b/lib/functions.sh
@ -9,14 +9,6 @@ detectCompose() {
 	fi
 }

-getLdmPassword() {
-	if [ -n "$LDM_PASSWORD" ]; then
-		docker run --rm docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -nb $PROJECT $LDM_PASSWORD | tr -d '\n' | tr -d '\r'
-	else
-		echo -n ""
-	fi
-}
-
 exitIfNotRoot() {
  if [ "$EUID" -ne 0 ]; then
    log "ERROR" "Please run as root"
@ -34,7 +26,7 @@ checkOwner(){
 }

 printUsage() {
-	echo "Usage: bridgehead start|stop|is-running|update|install|uninstall|enroll PROJECTNAME"
+	echo "Usage: bridgehead start|stop|is-running|update|install|uninstall|addUser|enroll PROJECTNAME"
 	echo "PROJECTNAME should be one of ccp|bbmri"
 }

@ -183,27 +175,21 @@ function bk_is_running {
 ##Setting Network properties
 # currently not needed
 #export HOSTIP=$(MSYS_NO_PATHCONV=1 docker run --rm --add-host=host.docker.internal:host-gateway ubuntu cat /etc/hosts | grep 'host.docker.internal' | awk '{print $1}');
-addBasicAuthUser() {
+
+
+add_basic_auth_user() {
  USER="${1}"
  PASSWORD="${2}"
  NAME="${3}"
  PROJECT="${4}"
  FILE="/etc/bridgehead/${PROJECT}.local.conf"
  ENCRY_CREDENTIALS="$(docker run --rm docker.verbis.dkfz.de/cache/httpd:alpine htpasswd -nb $USER $PASSWORD  | tr -d '\n' | tr -d '\r')"
-  if [ -f $FILE ] && grep -R -q "$NAME=" $FILE # if a basic auth user already exists:
+  if [ -f $FILE ] && grep -R -q "$NAME=" $FILE # if a specific basic auth user already exists:
  then
-    sed -i "/$NAME/ s/$/,$ENCRY_CREDENTIALS/" $FILE
+    sed -i "/$NAME/ s|='|='$ENCRY_CREDENTIALS,|" $FILE
  else
-    echo -e "\n## Basic Authentication Credentials for:\n$NAME=$ENCRY_CREDENTIALS" >> $FILE;
+    echo -e "\n## Basic Authentication Credentials for:\n$NAME='$ENCRY_CREDENTIALS'" >> $FILE;
  fi
-  read -p "Do you want to have your cleartext credentials saved in your $FILE: [y/n]" yn
-  case $yn in
-      [yYjJ] )
-        echo "ok, variables are saved in $FILE"
-        echo -e "# User: $USER\n# Password: $PASSWORD" >> $FILE;
-        ;;
-      [nN] )
-        echo "skip saving cleartext LDM credentials; make sure to save them somewhere else"
-        ;;
-  esac
+	log DEBUG "Saving clear text credentials in $FILE. If wanted, delete them manually."
+  sed -i "/^$NAME/ s|$|\n# User: $USER\n# Password: $PASSWORD|" $FILE
 }
--- a/lib/install-bridgehead.sh
+++ b/lib/install-bridgehead.sh
@ -29,12 +29,16 @@ bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
 EOF

 # TODO: Determine whether this should be located in setup-bridgehead (triggered through bridgehead install) or in update bridgehead (triggered every hour)
-if [ -z "$LDM_PASSWORD" ]; then
-  log "INFO" "Now generating a password for the local data management. Please save the password for your ETL process!"
+if [ -z "$LDM_AUTH" ]; then
+  log "INFO" "Now generating basic auth for the local data management (see addUser in bridgehead for more information). "
  generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
+  add_basic_auth_user $PROJECT $generated_passwd "LDM_AUTH" $PROJECT
+fi

-  log "INFO" "Your generated credentials are:\n            user: $PROJECT\n            password: $generated_passwd"
-  addBasicAuthUser $PROJECT $generated_passwd "LDM_LOGIN" $PROJECT
+if [ -z "$NNGM_CTS_APIKEY" ] && [ -z "$NNGM_AUTH" ]; then
+  log "INFO" "Now generating basic auth for nNGM upload API (see addUser in bridgehead for more information). "
+  generated_passwd="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 32)"
+  add_basic_auth_user "nngm" $generated_passwd "NNGM_AUTH" $PROJECT
 fi

 log "INFO" "Registering system units for bridgehead and bridgehead-update"
--- a/lib/sitespecific-functions.sh
+++ b/lib/sitespecific-functions.sh
@ -1,7 +1,11 @@
 #!/bin/bash -e
+
 source lib/functions.sh
-PROJECT="ccp"
-log "INFO" "Adding custom encrypted credentials in /etc/bridgehead/$PROJECT.local.conf"
-read -p "Please enter custom user: " user
-read -s -p "Please enter password (will not be echoed): "$'\n' password
-addBasicAuthUser $user $password "NNGM_AUTH" $PROJECT
+
+PROJECT=$1
+
+log "INFO" "Adding encrypted credentials in /etc/bridgehead/$PROJECT.local.conf"
+read -p "Please choose the component (LDM_AUTH|NNGM_AUTH) you want to add a user to : " COMPONENT
+read -p "Please enter a username: " USER
+read -s -p "Please enter a password (will not be echoed): "$'\n' PASSWORD
+add_basic_auth_user $USER $PASSWORD $COMPONENT $PROJECT
--- a/minimal/docker-compose.yml
+++ b/minimal/docker-compose.yml
@ -21,7 +21,7 @@ services:
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.middlewares=auth"
-      - "traefik.http.middlewares.auth.basicauth.users=${LDM_LOGIN}"
+      - "traefik.http.middlewares.auth.basicauth.users=${LDM_AUTH}"
    ports:
      - 80:80
      - 443:443