Skip to content

Commit

Permalink
Stop reading ironic API passwords from env vars
Browse files Browse the repository at this point in the history
Signed-off-by: Mahnoor Asghar <[email protected]>
  • Loading branch information
MahnoorAsghar committed Mar 5, 2024
1 parent 6664e02 commit ff83be6
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 18 deletions.
20 changes: 4 additions & 16 deletions scripts/auth-common.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,16 @@

set -euxo pipefail

export IRONIC_HTPASSWD=${IRONIC_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
export INSPECTOR_HTPASSWD=${INSPECTOR_HTPASSWD:-${HTTP_BASIC_HTPASSWD:-}}
export IRONIC_DEPLOYMENT="${IRONIC_DEPLOYMENT:-}"
export IRONIC_REVERSE_PROXY_SETUP=${IRONIC_REVERSE_PROXY_SETUP:-false}
export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}

IRONIC_HTPASSWD_FILE=/etc/ironic/htpasswd
INSPECTOR_HTPASSWD_FILE=/etc/ironic-inspector/htpasswd
if [ -s "${IRONIC_HTPASSWD_FILE}" ]; then
export IRONIC_HTPASSWD=$(<$IRONIC_HTPASSWD_FILE)
if [ -s "${INSPECTOR_HTPASSWD_FILE}" ]; then
export INSPECTOR_HTPASSWD=$(<$INSPECTOR_HTPASSWD_FILE)

configure_client_basic_auth()
{
Expand All @@ -29,8 +31,6 @@ configure_json_rpc_auth()
if [[ "${IRONIC_DEPLOYMENT}" == "Conductor" ]]; then
export JSON_RPC_AUTH_STRATEGY="http_basic"
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}-rpc"
else
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
fi
fi
}
Expand All @@ -40,7 +40,6 @@ configure_ironic_auth()
local config=/etc/ironic/ironic.conf
# Configure HTTP basic auth for API server
if [[ -n "${IRONIC_HTPASSWD}" ]]; then
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
if [[ "${IRONIC_REVERSE_PROXY_SETUP}" == "false" ]]; then
crudini --set "${config}" DEFAULT auth_strategy http_basic
crudini --set "${config}" DEFAULT http_basic_auth_user_file "${IRONIC_HTPASSWD_FILE}"
Expand All @@ -52,20 +51,9 @@ configure_inspector_auth()
{
local config=/etc/ironic-inspector/ironic-inspector.conf
if [[ -n "${INSPECTOR_HTPASSWD}" ]]; then
printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "false" ]]; then
crudini --set "${config}" DEFAULT auth_strategy http_basic
crudini --set "${config}" DEFAULT http_basic_auth_user_file "${INSPECTOR_HTPASSWD_FILE}"
fi
fi
}

write_htpasswd_files()
{
if [[ -n "${IRONIC_HTPASSWD:-}" ]]; then
printf "%s\n" "${IRONIC_HTPASSWD}" > "${IRONIC_HTPASSWD_FILE}"
fi
if [[ -n "${INSPECTOR_HTPASSWD:-}" ]]; then
printf "%s\n" "${INSPECTOR_HTPASSWD}" > "${INSPECTOR_HTPASSWD_FILE}"
fi
}
2 changes: 0 additions & 2 deletions scripts/runhttpd
Original file line number Diff line number Diff line change
Expand Up @@ -68,8 +68,6 @@ else
export IRONIC_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
fi

write_htpasswd_files

# Render httpd TLS configuration for /shared/html/<redifsh;ilo>
if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]]; then
render_j2_config /etc/httpd-vmedia.conf.j2 /etc/httpd/conf.d/vmedia.conf
Expand Down

0 comments on commit ff83be6

Please sign in to comment.