Moved the machine FQDN from secrets.yml to config.yml

The machine FQDN is no secret. The fact that this info is legacy code from when we didn't have a proper config setup Signed-off-by: Miquel Sabaté Solà <mikisabate@gmail.com>
SUSE · Jan 11, 2016 · 9846716 · 9846716
1 parent 8ebd885
commit 9846716
Show file tree

Hide file tree

Showing 12 changed files with 29 additions and 27 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -32,7 +32,7 @@ def fixes
     {}.tap do |fix|
       fix[:ssl]                                = check_ssl
       fix[:secret_key_base]                    = secrets.secret_key_base == "CHANGE_ME"
-      fix[:secret_machine_fqdn]                = secrets.machine_fqdn.nil?
+      fix[:secret_machine_fqdn]                = APP_CONFIG["machine_fqdn"]["value"].blank?
       fix[:secret_encryption_private_key_path] = secrets.encryption_private_key_path.nil?
       fix[:secret_portus_password]             = secrets.portus_password.nil?
       fix

diff --git a/app/views/errors/500.html.erb b/app/views/errors/500.html.erb
@@ -19,12 +19,7 @@
     <% end %>
     <% if @fix[:secret_machine_fqdn] %>
       <h2>Fix secret machine fqdn value</h2>
-      You need to set the machine fdqn value for Portus to work.
-      <% if Rails.env.production? %>
-        Set <i>PORTUS_MACHINE_FQDN</i> environment variable.
-      <% else %>
-        Set <i>machine_fqdn</i> in <i>config/secrets.yml</i>.
-      <% end %>
+      You need to set the machine fdqn value for Portus to work. In order to do this, you have to set the <i>machine_fqdn</i> value in <i>config/config-local.yml</i>.
     <% end %>
     <% if @fix[:secret_encryption_private_key_path] %>
       <h2>Fix secret encryption private key path value</h2>

diff --git a/app/views/errors/show.html.erb b/app/views/errors/show.html.erb
@@ -42,12 +42,7 @@
               <% end %>
               <% if @fix[:secret_machine_fqdn] %>
                 <h2>Fix secret machine fqdn value</h2>
-                You need to set the machine fdqn value for Portus to work.
-                <% if Rails.env.production? %>
-                  Set <i>PORTUS_MACHINE_FQDN</i> environment variable.
-                <% else %>
-                  Set <i>machine_fqdn</i> in <i>config/secrets.yml</i>.
-                <% end %>
+                You need to set the machine fdqn value for Portus to work. In order to do this, you have to set the <i>machine_fqdn</i> value in <i>config/config-local.yml</i>.
               <% end %>
               <% if @fix[:secret_encryption_private_key_path] %>
                 <h2>Fix secret encryption private key path value</h2>

diff --git a/config/config.yml b/config/config.yml
@@ -102,3 +102,7 @@ check_ssl_usage:
 # See: https://github.com/SUSE/Portus/issues/510
 jwt_expiration_time:
   value: "5.minutes"
+
+# The FQDN of the machine where Portus is being deployed.
+machine_fqdn:
+  value: "portus.test.lan"
diff --git a/config/initializers/mailer_url_options.rb b/config/initializers/mailer_url_options.rb
@@ -1,13 +1,13 @@
 # If you're on staging/production, then you must be using SSL. Otherwise, if
 # you're on development mode and you have set your own FQDN, then we assume
 # that SSL is in place too. Otherwise, SSL is not setup.
-if !Rails.env.development? || !ENV["PORTUS_MACHINE_FQDN"].nil?
+if !Rails.env.development? || !ENV["PORTUS_USE_SSL"].nil?
   protocol = "https://"
 else
   protocol = "http://"
 end
 
-host = Rails.application.secrets.machine_fqdn
+host = APP_CONFIG["machine_fqdn"]["value"]
 ActionMailer::Base.default_url_options[:host]     = host
 ActionMailer::Base.default_url_options[:protocol] = protocol
 

diff --git a/config/secrets.yml b/config/secrets.yml
@@ -17,11 +17,6 @@ default: &default
   <% else %>
   encryption_private_key_path: 'vagrant/conf/ca_bundle/server.key'
   <% end %>
-  <% if ENV["PORTUS_MACHINE_FQDN"] %>
-  machine_fqdn: <%= ENV["PORTUS_MACHINE_FQDN"] %>
-  <% else %>
-  machine_fqdn: 'portus.test.lan'
-  <% end %>
   portus_password: 'portus1234'
 
 development:
@@ -33,7 +28,6 @@ staging:
 test:
   secret_key_base: 03423ada1c1d3dce1638664c17ad9debe3401fa51ae332ddfe9bc04de70466cf2213c619911c181534d2ba77836c0da50ce7e9748aad7c2e5c40e5b8ddb1d997
   encryption_private_key_path: 'vagrant/conf/ca_bundle/server.key'
-  machine_fqdn: 'portus.test.lan'
   portus_password: 'portus1234'
 
 # Do not keep production secrets in the repository,
@@ -45,5 +39,4 @@ production:
   secret_key_base: CHANGE_ME
   <% end %>
   encryption_private_key_path: <%= ENV["PORTUS_KEY_PATH"] %>
-  machine_fqdn: <%= ENV["PORTUS_MACHINE_FQDN"] %>
   portus_password: <%= ENV["PORTUS_PASSWORD"] %>
diff --git a/lib/portus/jwt_token.rb b/lib/portus/jwt_token.rb
@@ -25,7 +25,7 @@ def encoded_hash
     # specification.
     def claim
       @claim ||= {}.tap do |hash|
-        hash[:iss]    = Rails.application.secrets.machine_fqdn
+        hash[:iss]    = APP_CONFIG["machine_fqdn"]["value"]
         hash[:sub]    = @account
         hash[:aud]    = @service
         hash[:iat]    = issued_at

diff --git a/packaging/suse/portusctl/templates/config-local.yml.erb b/packaging/suse/portusctl/templates/config-local.yml.erb
@@ -76,3 +76,16 @@ first_user_admin:
 # By default require ssl to be enabled when running on production
 check_ssl_usage:
   enabled: <%= @options["secure"] %>
+
+# Set the expiration time for the JWT Token that Portus uses to authenticate
+# with the registry. Note that this is just a work-around on the fact that the
+# registry does not try to get a new token again after the current one has
+# expired. Once a solution is issued upstream, we can deprecate this option.
+#
+# See: https://github.com/SUSE/Portus/issues/510
+jwt_expiration_time:
+  value: "5.minutes"
+
+# The FQDN of the machine where Portus is being deployed.
+machine_fqdn:
+  value: <%= HOSTNAME %>
diff --git a/packaging/suse/portusctl/templates/secrets.yml.erb b/packaging/suse/portusctl/templates/secrets.yml.erb
@@ -15,5 +15,4 @@
 production:
   secret_key_base: <%= @secret_key_base %>
   encryption_private_key_path: /srv/Portus/config/server.key
-  machine_fqdn: <%= HOSTNAME %>
   portus_password: <%= @portus_password %>
diff --git a/spec/controllers/errors_controller_spec.rb b/spec/controllers/errors_controller_spec.rb
@@ -6,7 +6,7 @@
       before :all do
         secrets = Rails.application.secrets
         @secret_key_base = secrets.secret_key_base
-        @secret_machine_fqdn = secrets.machine_fqdn
+        @secret_machine_fqdn = APP_CONFIG["machine_fqdn"]["value"]
         @secret_encryption_private_key_path = secrets.encryption_private_key_path
         @secret_portus_password = secrets.portus_password
       end
@@ -34,7 +34,7 @@
       end
 
       it "sets @fix[:secret_machine_fqdn] as true" do
-        Rails.application.secrets.machine_fqdn = nil
+        APP_CONFIG["machine_fqdn"] = { "value" => "" }
         get :show, id: 1, fixes: true
         expect(assigns(:fix)[:secret_machine_fqdn]).to be true
       end

diff --git a/spec/lib/portus/jwt_token_spec.rb b/spec/lib/portus/jwt_token_spec.rb
@@ -56,7 +56,7 @@
     describe "basic fields" do
       describe ":iss" do
         it "is set to portus fqdn" do
-          expect(subject.claim[:iss]).to eq Rails.application.secrets.machine_fqdn
+          expect(subject.claim[:iss]).to eq APP_CONFIG["machine_fqdn"]["value"]
         end
       end
 

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -41,6 +41,9 @@
     # it has the default value we expect
     APP_CONFIG["check_ssl_usage"] = { "enabled" => true }
 
+    # Expected to be always available.
+    APP_CONFIG["machine_fqdn"] = { "value" => "portus.test.lan" }
+
     # This value is expected to be always available. The default value will be
     # set
     APP_CONFIG["jwt_expiration_time"] = { "value" => "5.minutes" }