Skip to content
This repository has been archived by the owner on Apr 17, 2023. It is now read-only.

Commit

Permalink
Moved the machine FQDN from secrets.yml to config.yml
Browse files Browse the repository at this point in the history
The machine FQDN is no secret. The fact that this info is legacy code from when
we didn't have a proper config setup

Signed-off-by: Miquel Sabaté Solà <[email protected]>
  • Loading branch information
mssola committed Jan 11, 2016
1 parent 8ebd885 commit 9846716
Show file tree
Hide file tree
Showing 12 changed files with 29 additions and 27 deletions.
2 changes: 1 addition & 1 deletion app/controllers/application_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ def fixes
{}.tap do |fix|
fix[:ssl] = check_ssl
fix[:secret_key_base] = secrets.secret_key_base == "CHANGE_ME"
fix[:secret_machine_fqdn] = secrets.machine_fqdn.nil?
fix[:secret_machine_fqdn] = APP_CONFIG["machine_fqdn"]["value"].blank?
fix[:secret_encryption_private_key_path] = secrets.encryption_private_key_path.nil?
fix[:secret_portus_password] = secrets.portus_password.nil?
fix
Expand Down
7 changes: 1 addition & 6 deletions app/views/errors/500.html.erb
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,7 @@
<% end %>
<% if @fix[:secret_machine_fqdn] %>
<h2>Fix secret machine fqdn value</h2>
You need to set the machine fdqn value for Portus to work.
<% if Rails.env.production? %>
Set <i>PORTUS_MACHINE_FQDN</i> environment variable.
<% else %>
Set <i>machine_fqdn</i> in <i>config/secrets.yml</i>.
<% end %>
You need to set the machine fdqn value for Portus to work. In order to do this, you have to set the <i>machine_fqdn</i> value in <i>config/config-local.yml</i>.
<% end %>
<% if @fix[:secret_encryption_private_key_path] %>
<h2>Fix secret encryption private key path value</h2>
Expand Down
7 changes: 1 addition & 6 deletions app/views/errors/show.html.erb
Original file line number Diff line number Diff line change
Expand Up @@ -42,12 +42,7 @@
<% end %>
<% if @fix[:secret_machine_fqdn] %>
<h2>Fix secret machine fqdn value</h2>
You need to set the machine fdqn value for Portus to work.
<% if Rails.env.production? %>
Set <i>PORTUS_MACHINE_FQDN</i> environment variable.
<% else %>
Set <i>machine_fqdn</i> in <i>config/secrets.yml</i>.
<% end %>
You need to set the machine fdqn value for Portus to work. In order to do this, you have to set the <i>machine_fqdn</i> value in <i>config/config-local.yml</i>.
<% end %>
<% if @fix[:secret_encryption_private_key_path] %>
<h2>Fix secret encryption private key path value</h2>
Expand Down
4 changes: 4 additions & 0 deletions config/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -102,3 +102,7 @@ check_ssl_usage:
# See: https://github.com/SUSE/Portus/issues/510
jwt_expiration_time:
value: "5.minutes"

# The FQDN of the machine where Portus is being deployed.
machine_fqdn:
value: "portus.test.lan"
4 changes: 2 additions & 2 deletions config/initializers/mailer_url_options.rb
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
# If you're on staging/production, then you must be using SSL. Otherwise, if
# you're on development mode and you have set your own FQDN, then we assume
# that SSL is in place too. Otherwise, SSL is not setup.
if !Rails.env.development? || !ENV["PORTUS_MACHINE_FQDN"].nil?
if !Rails.env.development? || !ENV["PORTUS_USE_SSL"].nil?
protocol = "https://"
else
protocol = "http://"
end

host = Rails.application.secrets.machine_fqdn
host = APP_CONFIG["machine_fqdn"]["value"]
ActionMailer::Base.default_url_options[:host] = host
ActionMailer::Base.default_url_options[:protocol] = protocol

Expand Down
7 changes: 0 additions & 7 deletions config/secrets.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,6 @@ default: &default
<% else %>
encryption_private_key_path: 'vagrant/conf/ca_bundle/server.key'
<% end %>
<% if ENV["PORTUS_MACHINE_FQDN"] %>
machine_fqdn: <%= ENV["PORTUS_MACHINE_FQDN"] %>
<% else %>
machine_fqdn: 'portus.test.lan'
<% end %>
portus_password: 'portus1234'

development:
Expand All @@ -33,7 +28,6 @@ staging:
test:
secret_key_base: 03423ada1c1d3dce1638664c17ad9debe3401fa51ae332ddfe9bc04de70466cf2213c619911c181534d2ba77836c0da50ce7e9748aad7c2e5c40e5b8ddb1d997
encryption_private_key_path: 'vagrant/conf/ca_bundle/server.key'
machine_fqdn: 'portus.test.lan'
portus_password: 'portus1234'

# Do not keep production secrets in the repository,
Expand All @@ -45,5 +39,4 @@ production:
secret_key_base: CHANGE_ME
<% end %>
encryption_private_key_path: <%= ENV["PORTUS_KEY_PATH"] %>
machine_fqdn: <%= ENV["PORTUS_MACHINE_FQDN"] %>
portus_password: <%= ENV["PORTUS_PASSWORD"] %>
2 changes: 1 addition & 1 deletion lib/portus/jwt_token.rb
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ def encoded_hash
# specification.
def claim
@claim ||= {}.tap do |hash|
hash[:iss] = Rails.application.secrets.machine_fqdn
hash[:iss] = APP_CONFIG["machine_fqdn"]["value"]
hash[:sub] = @account
hash[:aud] = @service
hash[:iat] = issued_at
Expand Down
13 changes: 13 additions & 0 deletions packaging/suse/portusctl/templates/config-local.yml.erb
Original file line number Diff line number Diff line change
Expand Up @@ -76,3 +76,16 @@ first_user_admin:
# By default require ssl to be enabled when running on production
check_ssl_usage:
enabled: <%= @options["secure"] %>

# Set the expiration time for the JWT Token that Portus uses to authenticate
# with the registry. Note that this is just a work-around on the fact that the
# registry does not try to get a new token again after the current one has
# expired. Once a solution is issued upstream, we can deprecate this option.
#
# See: https://github.com/SUSE/Portus/issues/510
jwt_expiration_time:
value: "5.minutes"

# The FQDN of the machine where Portus is being deployed.
machine_fqdn:
value: <%= HOSTNAME %>
1 change: 0 additions & 1 deletion packaging/suse/portusctl/templates/secrets.yml.erb
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,4 @@
production:
secret_key_base: <%= @secret_key_base %>
encryption_private_key_path: /srv/Portus/config/server.key
machine_fqdn: <%= HOSTNAME %>
portus_password: <%= @portus_password %>
4 changes: 2 additions & 2 deletions spec/controllers/errors_controller_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
before :all do
secrets = Rails.application.secrets
@secret_key_base = secrets.secret_key_base
@secret_machine_fqdn = secrets.machine_fqdn
@secret_machine_fqdn = APP_CONFIG["machine_fqdn"]["value"]
@secret_encryption_private_key_path = secrets.encryption_private_key_path
@secret_portus_password = secrets.portus_password
end
Expand Down Expand Up @@ -34,7 +34,7 @@
end

it "sets @fix[:secret_machine_fqdn] as true" do
Rails.application.secrets.machine_fqdn = nil
APP_CONFIG["machine_fqdn"] = { "value" => "" }
get :show, id: 1, fixes: true
expect(assigns(:fix)[:secret_machine_fqdn]).to be true
end
Expand Down
2 changes: 1 addition & 1 deletion spec/lib/portus/jwt_token_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@
describe "basic fields" do
describe ":iss" do
it "is set to portus fqdn" do
expect(subject.claim[:iss]).to eq Rails.application.secrets.machine_fqdn
expect(subject.claim[:iss]).to eq APP_CONFIG["machine_fqdn"]["value"]
end
end

Expand Down
3 changes: 3 additions & 0 deletions spec/spec_helper.rb
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,9 @@
# it has the default value we expect
APP_CONFIG["check_ssl_usage"] = { "enabled" => true }

# Expected to be always available.
APP_CONFIG["machine_fqdn"] = { "value" => "portus.test.lan" }

# This value is expected to be always available. The default value will be
# set
APP_CONFIG["jwt_expiration_time"] = { "value" => "5.minutes" }
Expand Down

0 comments on commit 9846716

Please sign in to comment.