chore: update circleci to use new docker auth (#85)

chore: update circleci to use new docker auth NOTE: while libs and tests have been updated, audit would need to ignore RUSTSEC-2020-0052 until `slog-async` is updated Issue mozilla-services/services-engineering#71
mozilla-services · Oct 20, 2020 · 0813565 · 0813565
1 parent addc42f
commit 0813565
Show file tree

Hide file tree

Showing 6 changed files with 84 additions and 40 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -5,11 +5,24 @@
 # DOCKER_USER
 # DOCKER_PASS
 #
-version: 2
+version: 2.1
+defaults:
+    docker_login: &docker_login
+      run:
+          name: Login to Dockerhub
+          command: |
+              if [ "${DOCKER_USER}" == "" ] || [ "${DOCKER_PASS}" == "" ]; then
+                  echo "Skipping Login to Dockerhub, no credentials."
+              else
+                  echo "${DOCKER_PASS}" | docker login -u="${DOCKER_USER}" --password-stdin
+              fi
 jobs:
   build:
     docker:
       - image: docker:18.03.0-ce
+        auth:
+            username: $DOCKER_USER
+            password: $DOCKER_PASS
     working_directory: /dockerflow
     steps:
       - run:
@@ -18,6 +31,7 @@ jobs:
 
       - checkout
       - setup_remote_docker
+      - *docker_login
 
       - run:
           name: Create a version.json
@@ -47,14 +61,17 @@ jobs:
   deploy:
     docker:
       - image: docker:18.03.0-ce
+        auth:
+            username: $DOCKER_USER
+            password: $DOCKER_PASS
     steps:
       - setup_remote_docker
       - restore_cache:
           key: v1-{{.Branch}}
       - run:
           name: Restore Docker image cache
           command: docker load -i /cache/docker.tar
-
+      - *docker_login
       - run:
           name: Deploy to Dockerhub
           command: |

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -13,15 +13,15 @@ diesel_migrations = { version = "1.4.0", features = ["mysql"] }
 failure = "0.1.6"
 lazy_static = "1.4.0"
 mozsvc-common = "0.1.1"
-regex = "1.3.3"
+regex = "1.4"
 rocket = "0.4.2"
-rocket_contrib = "0.4.2"
-serde = "1.0.104"
-serde_json = "1.0.44"
+rocket_contrib = "0.4"
+serde = "1.0"
+serde_json = "1.0"
 slog = { version = "2.5.2", features = ["nested-values"] }
-slog-async = { version = "2.3.0", features = ["nested-values"] }
+slog-async = { version = "2.5", features = ["nested-values"] }  # 2.5 includes RUSTSEC-2020-0052
 slog_derive = "0.2.0"
 slog-mozlog-json = "0.1.0"
-slog-term = "2.4.2"
+slog-term = "2.6"
 # must match the toml (minor) version rocket depends on
-toml = "0.4.10"
+toml = "0.5"
diff --git a/Dockerfile b/Dockerfile
@@ -16,8 +16,6 @@ RUN \
 
 FROM debian:buster-slim
 
-MAINTAINER <pjenvey@underboss.org>
-
 RUN \
     groupadd --gid 10001 app && \
     useradd --uid 10001 --gid 10001 --home /app --create-home app && \

diff --git a/src/auth.rs b/src/auth.rs
@@ -158,20 +158,37 @@ pub fn authorized_reader(request: &Request<'_>) -> HandlerResult<Reader> {
 }
 
 #[cfg(test)]
-mod test {
-    use rocket::config::{Config, Environment};
-    use toml::{toml, toml_internal};
+pub(crate) mod test {
+    use rocket::config::{Array, Config, Environment, Value};
+    use std::collections::BTreeMap;
 
     use super::{BearerTokenAuthenticator, Group};
 
+    pub(crate) fn to_table(vals: Vec<&str>) -> BTreeMap<String, Vec<Value>> {
+        let mut table = BTreeMap::new();
+        {
+            for val in vals {
+                let mut vargs: Vec<Value> = Array::new();
+                let bits: Vec<&str> = val.splitn(2, "=").collect();
+                let key = bits[0];
+                let items = bits[1];
+                for item in items.split(",") {
+                    vargs.push(item.into())
+                }
+                table.insert(key.into(), vargs);
+            }
+        }
+        table
+    }
+
     #[test]
     fn test_basic() {
         let config = Config::build(Environment::Development)
             .extra(
                 "broadcaster_auth",
-                toml! {foo = ["bar"] baz = ["quux", "wobble"]},
+                to_table(["foo=bar", "baz=quux,wobble"].to_vec()),
             )
-            .extra("reader_auth", toml! {otto = ["push"]})
+            .extra("reader_auth", to_table(["otto=push"].to_vec()))
             .unwrap();
         let authenicator = BearerTokenAuthenticator::from_config(&config).unwrap();
 
@@ -193,26 +210,29 @@ mod test {
     #[test]
     fn test_dupe_token() {
         let config = Config::build(Environment::Development)
-            .extra("broadcaster_auth", toml! {foo = ["bar"] baz = ["bar"]})
-            .extra("reader_auth", toml! {otto = ["push"]})
+            .extra(
+                "broadcaster_auth",
+                to_table(["foo=bar", "baz=bar"].to_vec()),
+            )
+            .extra("reader_auth", to_table(["otto=push"].to_vec()))
             .unwrap();
         assert!(BearerTokenAuthenticator::from_config(&config).is_err());
     }
 
     #[test]
     fn test_dupe_token2() {
         let config = Config::build(Environment::Development)
-            .extra("broadcaster_auth", toml! {foo = ["bar"]})
-            .extra("reader_auth", toml! {baz = ["quux", "bar"]})
+            .extra("broadcaster_auth", to_table(["foo=bar"].to_vec()))
+            .extra("reader_auth", to_table(["baz=quux,bar"].to_vec()))
             .unwrap();
         assert!(BearerTokenAuthenticator::from_config(&config).is_err());
     }
 
     #[test]
     fn test_dupe_user() {
         let config = Config::build(Environment::Development)
-            .extra("broadcaster_auth", toml! {foo = ["bar"]})
-            .extra("reader_auth", toml! {foo = ["baz"]})
+            .extra("broadcaster_auth", to_table(["foo=bar"].to_vec()))
+            .extra("reader_auth", to_table(["foo=baz"].to_vec()))
             .unwrap();
         assert!(BearerTokenAuthenticator::from_config(&config).is_err());
     }

diff --git a/src/http.rs b/src/http.rs
@@ -206,14 +206,14 @@ fn setup_rocket(rocket: Rocket) -> Result<Rocket> {
 
 #[cfg(test)]
 mod test {
+    use crate::auth::test::to_table;
     use rocket;
-    use rocket::config::{Config, Environment, RocketConfig};
+    use rocket::config::{Config, Environment, RocketConfig, Value as RValue};
     use rocket::http::{Header, Status};
     use rocket::local::Client;
     use rocket::response::Response;
     use rocket_contrib::json;
     use serde_json::{self, Value};
-    use toml::{toml, toml_internal};
 
     use super::setup_rocket;
 
@@ -247,22 +247,22 @@ mod test {
         let database_url = rconfig
             .active()
             .get_str("database_url")
-            .expect("ROCKET_DATABASE_URL undefined");
-
+            .expect("ROCKET_DATABASE_URL undefined").to_owned();
         let config = Config::build(Environment::Development)
-            .extra("database_url", database_url)
+            .extra("database_url", RValue::String(database_url))
             .extra("database_pool_max_size", 1)
             .extra("database_use_test_transactions", true)
             .extra("json_logging", false)
             .extra(
                 "broadcaster_auth",
-                toml! {
-                    foo = ["feedfacedeadbeef", "deadbeeffacefeed"]
-                    baz = ["baada555deadbeef"]
-                },
+                to_table(["foo=feedfacedeadbeef,deadbeeffacefeed", "baz=baada555deadbeef"].to_vec())
+            )
+            .extra(
+                "reader_auth",
+                to_table(["reader=00000000deadbeef"].to_vec())
             )
-            .extra("reader_auth", toml! {reader = ["00000000deadbeef"]})
             .unwrap();
+        dbg!(&config);
 
         let rocket = setup_rocket(rocket::custom(config)).expect("rocket failed");
         Client::new(rocket).expect("rocket launch failed")