Permalink
Browse files

Allow the FQDN to be specified through config

This is something in between to what we have on the `v2.0` branch and the
`master` branch. This way we have the behavior from `master` while not breaking
what we had in previous patch-level releases.

This commit is largely based on 9846716 in the
`master` branch.

Signed-off-by: Miquel Sabaté Solà <msabate@suse.com>
  • Loading branch information...
1 parent 7e9e014 commit f0850459cc43e9b9258e70867d5608f2ef303f3e @mssola mssola committed May 17, 2016
@@ -32,7 +32,7 @@ def fixes
{}.tap do |fix|
fix[:ssl] = check_ssl
fix[:secret_key_base] = secrets.secret_key_base == "CHANGE_ME"
- fix[:secret_machine_fqdn] = secrets.machine_fqdn.nil?
+ fix[:secret_machine_fqdn] = fqdn.blank?
fix[:secret_encryption_private_key_path] = secrets.encryption_private_key_path.nil?
fix[:secret_portus_password] = secrets.portus_password.nil?
fix
@@ -23,7 +23,7 @@
<% if Rails.env.production? %>
Set <i>PORTUS_MACHINE_FQDN</i> environment variable.
<% else %>
- Set <i>machine_fqdn</i> in <i>config/secrets.yml</i>.
+ Set <i>machine_fqdn</i> in <i>config/secrets.yml</i> or <i>config/config-local.yml</i>.
<% end %>
<% end %>
<% if @fix[:secret_encryption_private_key_path] %>
@@ -46,7 +46,7 @@
<% if Rails.env.production? %>
Set <i>PORTUS_MACHINE_FQDN</i> environment variable.
<% else %>
- Set <i>machine_fqdn</i> in <i>config/secrets.yml</i>.
+ Set <i>machine_fqdn</i> in <i>config/secrets.yml</i> or <i>config/config-local.yml</i>.
<% end %>
<% end %>
<% if @fix[:secret_encryption_private_key_path] %>
View
@@ -91,3 +91,8 @@ check_ssl_usage:
# See: https://github.com/SUSE/Portus/issues/510
jwt_expiration_time:
value: "5.minutes"
+
+# The FQDN of the machine where Portus is being deployed. The default is kept
+# empty to make sure that backwards-compatibility is not broken.
+machine_fqdn:
+ value: ""
@@ -2,3 +2,12 @@
local = ENV["PORTUS_LOCAL_CONFIG_PATH"] || File.join(Rails.root, "config", "config-local.yml")
cfg = Portus::Config.new(default, local)
APP_CONFIG = cfg.fetch
+
+# This method consumes the value of the FQDN from the app config if possible
+# (as implement in Portus v2.1.x). Otherwise, it falls back to the current way
+# of fetching it.
+def fqdn
+ mconf = APP_CONFIG["machine_fqdn"]
+ return Rails.application.secrets.machine_fqdn if mconf.nil? || mconf["value"].blank?
+ mconf["value"]
+end
@@ -1,13 +1,13 @@
# If you're on staging/production, then you must be using SSL. Otherwise, if
# you're on development mode and you have set your own FQDN, then we assume
# that SSL is in place too. Otherwise, SSL is not setup.
-if !Rails.env.development? || !ENV["PORTUS_MACHINE_FQDN"].nil?
+if !Rails.env.development? || !ENV["PORTUS_USE_SSL"].nil?
protocol = "https://"
else
protocol = "http://"
end
-host = Rails.application.secrets.machine_fqdn
+host = fqdn
ActionMailer::Base.default_url_options[:host] = host
ActionMailer::Base.default_url_options[:protocol] = protocol
@@ -29,7 +29,7 @@ def encoded_hash
# specification.
def claim
@claim ||= {}.tap do |hash|
- hash[:iss] = Rails.application.secrets.machine_fqdn
+ hash[:iss] = fqdn
hash[:sub] = @account
hash[:aud] = @service
hash[:iat] = issued_at
@@ -76,3 +76,7 @@ first_user_admin:
# By default require ssl to be enabled when running on production
check_ssl_usage:
enabled: <%= @options["secure"] %>
+
+# The FQDN of the machine where Portus is being deployed.
+machine_fqdn:
+ value: <%= HOSTNAME %>
@@ -6,7 +6,7 @@
before :all do
secrets = Rails.application.secrets
@secret_key_base = secrets.secret_key_base
- @secret_machine_fqdn = secrets.machine_fqdn
+ @secret_machine_fqdn = fqdn
@secret_encryption_private_key_path = secrets.encryption_private_key_path
@secret_portus_password = secrets.portus_password
end
@@ -56,7 +56,7 @@
describe "basic fields" do
describe ":iss" do
it "is set to portus fqdn" do
- expect(subject.claim[:iss]).to eq Rails.application.secrets.machine_fqdn
+ expect(subject.claim[:iss]).to eq fqdn
end
end

0 comments on commit f085045

Please sign in to comment.