Only use temporary credentials on the worker
@@ -4,6 +4,7 @@ $LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
|
||||
|
||||
require "pipeline"
|
||||
|
||||
Pipeline.load_config(File.expand_path('../../config/pipeline.yml', __FILE__))
|
||||
context = ZMQ::Context.new
|
||||
router = Pipeline::Rpc::Router.new(context)
|
||||
|
||||
|
||||
@@ -6,6 +6,5 @@ require "pipeline"
|
||||
|
||||
env_base = ARGV[0]
|
||||
|
||||
# Pipeline.load_config(File.expand_path('../../config/pipeline.yml', __FILE__))
|
||||
server = Pipeline::Rpc::Worker.new(env_base)
|
||||
server.listen
|
||||
|
||||
@@ -5,6 +5,7 @@ require 'securerandom'
|
||||
require 'rugged'
|
||||
require 'aws-sdk-ecr'
|
||||
require 'aws-sdk-s3'
|
||||
require 'aws-sdk-sts'
|
||||
require 'yaml'
|
||||
require 'json'
|
||||
require 'ffi-rzmq'
|
||||
|
||||
@@ -2,8 +2,9 @@ class Pipeline::ContainerRepo
|
||||
|
||||
attr_reader :image_name
|
||||
|
||||
def initialize(image_name)
|
||||
def initialize(image_name, credentials=nil)
|
||||
@image_name = image_name
|
||||
@credentials = credentials
|
||||
end
|
||||
|
||||
def create_if_required
|
||||
@@ -55,7 +56,12 @@ class Pipeline::ContainerRepo
|
||||
end
|
||||
|
||||
def ecr
|
||||
@ecr ||= Aws::ECR::Client.new(region: 'eu-west-1')
|
||||
@ecr ||= begin
|
||||
Aws::ECR::Client.new(
|
||||
region: 'eu-west-1',
|
||||
credentials: @credentials
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
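Review bot: The `credentials=nil` default on `initialize` lets `ecr` pass `credentials: nil` to `Aws::ECR::Client.new`, so when the argument is omitted the outcome is decided by the SDK's handling of a nil option rather than by this class. That could be a request-time failure or possibly the host's ambient credentials, which is worth confirming against the SDK version in use. If the worker is meant to run only on the router-issued session, fail closed with something like `raise ArgumentError, "credentials required" if @credentials.nil?` at the top of `ecr`, or drop the default. `release_analyzer(track_slug, version, credentials)` in the Pipeline::Runtime section forwards its argument here unchecked, so the same applies there. The class body continues outside both hunks.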
@@ -98,14 +98,24 @@ module Pipeline::Rpc
|
||||
end
|
||||
end
|
||||
|
||||
def set_temp_credentials(msg)
|
||||
sts = Aws::STS::Client.new(region: "eu-west-1")
|
||||
session = sts.get_session_token(duration_seconds: 900)
|
||||
msg["credentials"] = session.to_h[:credentials]
|
||||
msg
|
||||
end
|
||||
|
||||
def handle_frontend_req
|
||||
msg = []
|
||||
front_end_socket.recv_strings(msg)
|
||||
puts ">>>> #{msg}"
|
||||
if (msg[2] == "describe_analysers")
|
||||
analyzer_spec = {
|
||||
"ruby" => [ "v0.0.3", "v0.0.5" ]
|
||||
analyzer_spec: {
|
||||
"ruby" => [ "v0.0.3", "v0.0.5" ]
|
||||
}
|
||||
}
|
||||
set_temp_credentials(analyzer_spec)
|
||||
reply = [msg.first, "", analyzer_spec.to_json]
|
||||
front_end_socket.send_strings(reply)
|
||||
return
|
||||
@@ -118,7 +128,18 @@ module Pipeline::Rpc
|
||||
front_end_socket.send_strings(reply)
|
||||
else
|
||||
@in_flight[msg.first] = {msg: msg, timeout: Time.now.to_i + 5}
|
||||
result = back_end_socket.send_strings(msg, ZMQ::DONTWAIT)
|
||||
|
||||
sts = Aws::STS::Client.new(region: "eu-west-1")
|
||||
session = sts.get_session_token(duration_seconds: 900)
|
||||
|
||||
raw_msg = msg[2]
|
||||
m = JSON.parse(raw_msg)
|
||||
set_temp_credentials(m)
|
||||
upstream_msg = [msg.first, "", m.to_json]
|
||||
|
||||
puts upstream_msg
|
||||
|
||||
result = back_end_socket.send_strings(upstream_msg, ZMQ::DONTWAIT)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
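Review bot: `puts upstream_msg` in the `else` branch of `handle_frontend_req` prints the frame after `set_temp_credentials(m)` has added the access key id, secret access key and session token, so live AWS credentials end up in the router's stdout and in whatever collects it. Drop the line or print a copy without the secret, e.g. `puts m.reject { |k, _| k == "credentials" }.to_json`. Judging by the hunk's line counts, the `sts = Aws::STS::Client.new(...)` / `session = sts.get_session_token(...)` pair just above it is also new and unused, because `set_temp_credentials` makes its own call; that would mean two GetSessionToken requests per message. The `describe_analysers` branch now returns credentials to any peer that can reach the front-end socket, and no authentication of that socket is visible in these hunks, so confirm it is reachable by workers only.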
@@ -17,8 +17,9 @@ class Pipeline::Rpc::Worker
|
||||
@setup.send_string("describe_analysers")
|
||||
msg = ""
|
||||
@setup.recv_string(msg)
|
||||
analyzer_spec = JSON.parse(msg)
|
||||
puts analyzer_spec
|
||||
msg = JSON.parse(msg)
|
||||
analyzer_spec = msg["analyzer_spec"]
|
||||
credentials = parse_credentials(msg)
|
||||
|
||||
environment.prepare
|
||||
|
||||
@@ -29,7 +30,7 @@ class Pipeline::Rpc::Worker
|
||||
puts "Already installed #{language_slug}"
|
||||
else
|
||||
puts "Installed #{language_slug}"
|
||||
environment.release_analyzer(language_slug, version)
|
||||
environment.release_analyzer(language_slug, version, credentials)
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -59,7 +60,19 @@ class Pipeline::Rpc::Worker
|
||||
end
|
||||
end
|
||||
|
||||
def parse_credentials(request)
|
||||
raw_credentials = request["credentials"]
|
||||
key = raw_credentials["access_key_id"]
|
||||
secret = raw_credentials["secret_access_key"]
|
||||
session = raw_credentials["session_token"]
|
||||
Aws::Credentials.new(key, secret, session)
|
||||
end
|
||||
|
||||
def analyze(request)
|
||||
s3 = Aws::S3::Client.new(
|
||||
credentials: parse_credentials(request),
|
||||
region: "eu-west-1")
|
||||
|
||||
language_slug = request["track_slug"]
|
||||
exercise_slug = request["exercise_slug"]
|
||||
solution_slug = request["solution_slug"]
|
||||
@@ -77,7 +90,6 @@ class Pipeline::Rpc::Worker
|
||||
location_uri = URI(location)
|
||||
bucket = location_uri.host
|
||||
path = location_uri.path[1..]
|
||||
s3 = Aws::S3::Client.new(region: 'eu-west-1')
|
||||
params = {
|
||||
bucket: bucket,
|
||||
prefix: "#{path}/",
|
||||
|
||||
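Review bot: `parse_credentials` indexes `request["credentials"]` without checking it, so a message that arrives without the key fails with a `NoMethodError` on nil, and a partial hash builds an `Aws::Credentials` with nil fields; this affects both the setup path and `analyze`. Use `raw_credentials = request.fetch("credentials")` and `fetch` for the three fields, so the worker stops with a clear `KeyError` before any AWS client is built. A short comment on the method would also help, e.g. `# Router-issued STS session credentials (900 s lifetime); never log the parsed request.`, since the `credentials` value parsed once during setup is reused for each `release_analyzer` call in what appears to be the install loop. The setup method and `analyze` both continue outside the hunks.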
@@ -17,9 +17,7 @@ module Pipeline::Runtime
|
||||
File.exist? current_dir
|
||||
end
|
||||
|
||||
def release_analyzer(track_slug, version)
|
||||
registry_endpoint = Pipeline.config["registry_endpoint"]
|
||||
|
||||
def release_analyzer(track_slug, version, credentials)
|
||||
track_dir = "#{env_base}/#{track_slug}/#{version}"
|
||||
release_dir = "#{track_dir}/releases/#{Time.now.to_i}_release"
|
||||
current_dir = "#{track_dir}/current"
|
||||
@@ -34,7 +32,7 @@ module Pipeline::Runtime
|
||||
|
||||
container_driver = Pipeline::Util::ContainerDriver.new(runc, img, configurator, release_dir)
|
||||
|
||||
container_repo = Pipeline::ContainerRepo.new("#{track_slug}-analyzer-dev")
|
||||
container_repo = Pipeline::ContainerRepo.new("#{track_slug}-analyzer-dev", credentials)
|
||||
user,password = container_repo.create_login_token
|
||||
img.reset_hub_login
|
||||
img.login("AWS", password, container_repo.repository_url)
|
||||
|
||||