handle hashed_passwords not being set (#123)
* handle hashed_passwords not being set
* migrator script update: instantiate key if it doesn't exist
* adding maxCompressedImageSizeMB test
* fix envVar being anything other than a string
* updating tests to make extraEnv a string. update mapping for postgresql.imageTag
* updating script for case of postgres user being postgres admin user

Signed-off-by: Hung Nguyen <[email protected]>

---------

Signed-off-by: Hung Nguyen <[email protected]>
HN23 authored and Btodhunter committed Sep 15, 2023
1 parent a5be71c commit bddabb2
Showing 19 changed files with 311 additions and 200 deletions.
26 changes: 26 additions & 0 deletions scripts/helpers.py
Expand Up @@ -19,6 +19,13 @@ def represent_block_scalar(dumper, data):
style = "|" if "\n" in data else '"'
return dumper.represent_scalar("tag:yaml.org,2002:str", data, style=style)

def convert_to_str(env_var):
if isinstance(env_var, dict):
if not isinstance(env_var.get('value'), str):
env_var['value'] = str(env_var.get('value'))
else:
return str(env_var)

def convert_values_file(file, results_dir):
file_name = os.path.basename(file)
prep_dir(path=results_dir, clean=True)
Expand All @@ -32,13 +39,28 @@ def convert_values_file(file, results_dir):
enterprise_chart_values_dict, enterprise_chart_env_var_dict = replace_keys_with_mappings(dot_string_dict, results_dir)

for key, val in enterprise_chart_env_var_dict.items():
if isinstance(val, list):
for index, env_var in enumerate(val):
val[index] = convert_to_str(env_var) or env_var
elif isinstance(val, dict):
for index, env_var in enumerate(val.get("extraEnv", [])):
val["extraEnv"][index] = convert_to_str(env_var) or env_var

# taking the environment variables and adding it into the enterprise_chart_values_dict to make one dictionary
if key not in enterprise_chart_values_dict:
val_type = type(val)
enterprise_chart_values_dict[key] = val_type()
if isinstance(val, list):
enterprise_chart_values_dict[key] = enterprise_chart_values_dict[key] + val
elif isinstance(val, dict):
enterprise_chart_values_dict[key] = enterprise_chart_values_dict.get(key, {})
enterprise_chart_values_dict[key]["extraEnv"] = enterprise_chart_values_dict[key].get("extraEnv", [])
enterprise_chart_values_dict[key]["extraEnv"] = enterprise_chart_values_dict[key]["extraEnv"] + val.get("extraEnv", [])

# for the current bitnami postgres chart, if your user is specifically the 'postgres' admin user, you need to override global.postgresql.auth.postgresPassword
if (enterprise_chart_values_dict.get('postgresql', {}).get('auth', {}).get('username') == 'postgres') and (enterprise_chart_values_dict.get('postgresql', {}).get('auth', {}).get('password')):
enterprise_chart_values_dict['postgresql']['auth']['postgresPassword'] = enterprise_chart_values_dict['postgresql']['auth']['password']

yaml.add_representer(str, represent_block_scalar)
yaml_data = yaml.dump(enterprise_chart_values_dict, default_flow_style=False)
file_name = f"enterprise.{file_name}"
Expand Down Expand Up @@ -93,6 +115,10 @@ def replace_keys_with_mappings(dot_string_dict, results_dir):

env_var_mapping = {**enterprise_env_var_mapping, **feeds_env_var_mapping}
logs_dir = f"{results_dir}/logs"
if not dot_string_dict.get("anchoreGlobal.hashedPasswords"):
log_file_name = "warning.log"
write_to_file(f"hashedPasswords is not currently used. You should _really_ consider using it. Please see docs on how to migrate to hashed passwords.\n", os.path.join(logs_dir, log_file_name), "a")
dot_string_dict["anchoreGlobal.hashedPasswords"] = False
for dotstring_key, val in dot_string_dict.items():
keys = dotstring_key.split('.')

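Review bot: `convert_to_str` turns a missing `value` into the literal string `'None'`: for an env entry dict without a `value` key, `env_var.get('value')` returns None, fails the `isinstance(..., str)` test, and `env_var['value'] = str(env_var.get('value'))` then writes it. An entry that carries only `valueFrom` (a secret reference, for instance) would, if it reaches this path, come out with both `valueFrom` and `value: "None"`, which I would expect Kubernetes or the chart to reject or misread. Guard on presence instead, `if 'value' in env_var and not isinstance(env_var['value'], str): env_var['value'] = str(env_var['value'])`, and return `env_var` from the dict branch so the two call sites in `convert_values_file` no longer depend on `or env_var`. In the `replace_keys_with_mappings` hunk the fallback to `hashedPasswords = False` is, as far as the hunk shows, reported only by appending to `warning.log`, so a console message as well would make the unhashed-password default harder to miss. Both `convert_values_file` and `replace_keys_with_mappings` continue outside the visible hunks.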
2 changes: 1 addition & 1 deletion scripts/mappings.py
Expand Up @@ -128,7 +128,7 @@
"postgresql.postgresPassword": "postgresql.auth.password",
"postgresql.postgresUser": "postgresql.auth.username",
"postgresql.postgresPort": "postgresql.primary.service.ports.postgresql",
"postgresql.imageTag": "postgresql.imageTag",
"postgresql.imageTag": "postgresql.image.tag",

"anchore-feeds-db.imageTag": "feeds.feeds-db.image.tag",
"anchore-feeds-gem-db.imageTag": "feeds.gem-db.image.tag",
5 changes: 4 additions & 1 deletion scripts/tests/configs/test_convert_values_file.yaml
Expand Up @@ -4,6 +4,9 @@ anchoreEnterpriseGlobal:
anchoreGlobal:
useExistingSecrets: true
existingSecretName: global-existing-secrets
extraEnv:
- name: ANCHORE_MAX_REQUEST_THREADS
value: "9876543210"

anchoreEnterpriseUi:
existingSecretName: ui-existing-secrets
Expand All @@ -12,4 +15,4 @@ anchoreEnterpriseFeeds:
existingSecretName: feeds-existing-secrets

anchoreApi:
maxRequestThreads: 9876543210
maxRequestThreads: 9876543210
8 changes: 7 additions & 1 deletion scripts/tests/configs/test_convert_values_file_result.yaml
Expand Up @@ -8,4 +8,10 @@
"api":
"extraEnv":
- "name": "ANCHORE_MAX_REQUEST_THREADS"
"value": 9876543210
"value": "9876543210"
"anchoreConfig":
"user_authentication":
"hashed_passwords": False
"extraEnv":
- "name": "ANCHORE_MAX_REQUEST_THREADS"
"value": "9876543210"
29 changes: 17 additions & 12 deletions scripts/tests/test_anchoreAnalyzer_value_mapping.py
Expand Up @@ -17,7 +17,7 @@ def test_anchoreAnalyzer_replicaCount_value(self):
dot_string_dict = {
"anchoreAnalyzer.replicaCount": 2,
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'analyzer': {
'replicaCount': 2
}
Expand All @@ -29,7 +29,7 @@ def test_anchoreAnalyzer_containerPort_value(self):
dot_string_dict = {
"anchoreAnalyzer.containerPort": 8084,
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'analyzer': {
'service': {
'port': 8084
Expand All @@ -48,7 +48,7 @@ def test_anchoreAnalyzer_extraEnv_value(self):
}
]
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'analyzer': {
'extraEnv': [
{
Expand All @@ -65,7 +65,7 @@ def test_anchoreAnalyzer_serviceAccountName_value(self):
dot_string_dict = {
"anchoreAnalyzer.serviceAccountName": "foo",
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'analyzer': {
'serviceAccountName': 'foo'
}
Expand All @@ -80,7 +80,7 @@ def test_anchoreAnalyzer_resources_value(self):
"anchoreAnalyzer.resources.requests.cpu": 1,
"anchoreAnalyzer.resources.requests.memory": "1G",
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'analyzer': {
'resources': {
'limits': {
Expand All @@ -103,7 +103,7 @@ def test_anchoreAnalyzer_labels_value(self):
"anchoreAnalyzer.labels.value": "bar",
"anchoreAnalyzer.labels.kubernetes.io/description": "baz",
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'analyzer': {
'labels':
{
Expand All @@ -122,7 +122,7 @@ def test_anchoreAnalyzer_annotations_value(self):
"anchoreAnalyzer.annotations.value": "bar",
"anchoreAnalyzer.annotations.kubernetes.io/description": "baz",
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'analyzer': {
'annotations':
{
Expand All @@ -140,7 +140,7 @@ def test_anchoreanalyzer_deploymentAnnotations_value(self):
"anchoreAnalyzer.deploymentAnnotations.name": "foo",
"anchoreAnalyzer.deploymentAnnotations.value": "bar",
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'analyzer': {
'deploymentAnnotations': {
'name': 'foo',
Expand All @@ -157,7 +157,7 @@ def test_anchoreAnalyzer_nodeSelector_value(self):
"anchoreAnalyzer.nodeSelector.value": "bar",

}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'analyzer': {
'nodeSelector':
{
Expand All @@ -179,7 +179,7 @@ def test_anchoreAnalyzer_tolerations_value(self):
}
]
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'analyzer': {
'tolerations': [
{
Expand All @@ -197,7 +197,7 @@ def test_anchoreAnalyzer_affinity_value(self):
"anchoreAnalyzer.affinity.name": "foo",
"anchoreAnalyzer.affinity.value": "bar",
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'analyzer': {
'affinity': {
'name': 'foo',
Expand All @@ -214,6 +214,7 @@ def test_anchoreAnalyzer_cycleTimers_image_analyzer_value(self):
}
expected_result = {
'anchoreConfig': {
'user_authentication': {'hashed_passwords': False},
'analyzer': {
'cycle_timers': {
'image_analyzer': 1
Expand All @@ -231,6 +232,7 @@ def test_anchoreAnalyzer_concurrentTasksPerWorker_value(self):
}
expected_result = {
'anchoreConfig': {
'user_authentication': {'hashed_passwords': False},
'analyzer': {
'max_threads': 1
}
Expand All @@ -246,6 +248,7 @@ def test_anchoreAnalyzer_layerCacheMaxGigabytes_value(self):
}
expected_result = {
'anchoreConfig': {
'user_authentication': {'hashed_passwords': False},
'analyzer': {
'layer_cache_max_gigabytes': 1
}
Expand All @@ -261,6 +264,7 @@ def test_anchoreAnalyzer_enableHints_value(self):
}
expected_result = {
'anchoreConfig': {
'user_authentication': {'hashed_passwords': False},
'analyzer': {
'enable_hints': False
}
Expand Down Expand Up @@ -294,6 +298,7 @@ def test_anchoreAnalyzer_configFile_value(self):
}
expected_result = {
'anchoreConfig': {
'user_authentication': {'hashed_passwords': False},
'analyzer': {
'configFile': {
'retrieve_files': {
Expand Down Expand Up @@ -341,5 +346,5 @@ def test_enableOwnedPackageFiltering_value(self):
}
}
result = replace_keys_with_mappings(dot_string_dict, self.results_dir)
self.assertEqual(result[0], {})
self.assertEqual(result[0], {'anchoreConfig': {'user_authentication': {'hashed_passwords': False}}})
self.assertEqual(result[1], expected_result)
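Review bot: None of the tests visible in this file cover the case where hashed passwords are already enabled: every updated `expected_result` pins `'hashed_passwords': False`, but no case passes `"anchoreGlobal.hashedPasswords": True` and asserts that it survives the mapping. Because this is an authentication setting, a regression that reset it to False would show up only as a line in `warning.log`. I would add one case that feeds `{"anchoreGlobal.hashedPasswords": True}` to `replace_keys_with_mappings` and asserts `result[0] == {'anchoreConfig': {'user_authentication': {'hashed_passwords': True}}}`; changed files not shown on this page may already do this. As a style point, the repeated `{'user_authentication': {'hashed_passwords': False}}` literal could be defined once at module level so the next change to the default touches a single line.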
23 changes: 12 additions & 11 deletions scripts/tests/test_anchoreApi_value_mapping.py
Expand Up @@ -17,7 +17,7 @@ def test_anchoreApi_replicaCount_value(self):
dot_string_dict = {
"anchoreApi.replicaCount": 2,
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'api': {
'replicaCount': 2
}
Expand All @@ -34,7 +34,7 @@ def test_anchoreApi_extraEnv_value(self):
}
]
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'api': {
'extraEnv': [
{
Expand All @@ -59,7 +59,7 @@ def test_anchoreApi_service_value(self):
"anchoreApi.service.labels.with.a.dot.foobar": "baz"
}

expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'api': {
'service': {
"name": "null",
Expand All @@ -84,7 +84,7 @@ def test_anchoreApi_serviceAccountName_value(self):
dot_string_dict = {
"anchoreApi.serviceAccountName": "Null"
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'api': {
'serviceAccountName': "Null"
}
Expand All @@ -100,7 +100,7 @@ def test_anchoreApi_resources_value(self):
"anchoreApi.resources.requests.memory": "1G",
}

expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'api': {
'resources': {
'limits': {
Expand All @@ -123,7 +123,7 @@ def test_anchoreApi_labels_value(self):
"anchoreApi.labels.value": "bar",
"anchoreApi.labels.anotherLabel.with.a.dot": "baz",
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'api': {
'labels':
{
Expand All @@ -141,7 +141,7 @@ def test_anchoreApi_annotations_value(self):
"anchoreApi.annotations.foo": "bar",
"anchoreApi.annotations.baz": "qux"
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'api': {
'annotations':
{
Expand All @@ -158,7 +158,7 @@ def test_anchoreApi_deploymentAnnotations_value(self):
"anchoreApi.deploymentAnnotations.name": "foo",
"anchoreApi.deploymentAnnotations.mydot.value": "bar"
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'api': {
'deploymentAnnotations': {
'name': 'foo',
Expand All @@ -174,7 +174,7 @@ def test_anchoreApi_nodeSelector_value(self):
"anchoreApi.nodeSelector.name": "foo",
"anchoreApi.nodeSelector.value": "bar"
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'api': {
'nodeSelector':
{
Expand All @@ -195,7 +195,7 @@ def test_anchoreApi_tolerations_value(self):
}
]
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'api': {
'tolerations': [
{
Expand All @@ -213,7 +213,7 @@ def test_anchoreApi_affinity_value(self):
"anchoreApi.affinity.name": "foo",
"anchoreApi.affinity.value": "bar"
}
expected_result = {
expected_result = { 'anchoreConfig': {'user_authentication': {'hashed_passwords': False}},
'api': {
'affinity': {
'name': 'foo',
Expand All @@ -232,6 +232,7 @@ def test_anchoreApi_external_value(self):
}
expected_result = {
'anchoreConfig': {
'user_authentication': {'hashed_passwords': False},
'apiext': {
'external': {
'useTLS': True,