Commit bedfd63d authored by bow's avatar bow

Update API users creation as an Ansible task

parent cd29f35f
......@@ -9,6 +9,8 @@ mongodb_user_admin_password: userAdmin
mongodb_users: []
mongodb_sentinel_users: []
## System options ##
# MongoDB package name (mongodb-org for vendor, mongodb for apt)
mongodb_package: mongodb-org
......
......@@ -59,23 +59,3 @@ if (missingIndex(db.references.getIndexes(), refIndex)) {
db.references.createIndex(refIndex, {"unique": true});
print("index created: reference");
}
// NOTE: must be kept in sync with User in the source code
// TODO: store this in as ansible variables
var devUser = {
id: "dev",
email: "dev@sentinel.org",
// log2 10 hashing round of `dev`
hashedPassword: "$2a$10$dNNzi9ieIj1Lk/ED184tPOHJeYDCIc/9bvCJUggC8Gl.4d4pEsdn6",
activeKey: "dev",
verified: true,
isAdmin: true,
creationTimeUtc: new Date()
}
var query = Object.assign({}, devUser);
delete query.creationTimeUtc;
var existingUserCount = db.users.find(query).count();
if (existingUserCount === 0) {
print("user added: dev");
db.users.insert(devUser);
}
......@@ -9,3 +9,25 @@
when: mongodb_js_index_script is defined
register: js_index_script
changed_when: js_index_script.stdout != ""
- name: check if api users exist
shell: "/usr/bin/mongo --quiet -u {{ mongodb_root_name }} -p {{ mongodb_root_password }} --authenticationDatabase admin --eval \"db.users.find({id: '{{ item.id }}'}).count()\" sentinel || true"
register: api_users_exist
changed_when: api_users_exist.stdout != "1" or api_users_exist.rc != 0
with_items:
- "{{ mongodb_sentinel_users }}"
when: mongodb_sentinel_users is defined and mongodb_sentinel_users
- name: copy users config script if required
template: src=sentinelUsersSetup.js.j2 dest={{ mongodb_misc_dir }}/sentinelUsersSetup.js owner={{ mongodb_user }} group={{ mongodb_user }} mode=0600
when: api_users_exist|changed
- name: run api users config script if required
shell: /usr/bin/mongo --quiet 127.0.0.1:27017/sentinel {{ mongodb_misc_dir }}/sentinelUsersSetup.js -u {{ mongodb_root_name }} -p {{ mongodb_root_password }} --authenticationDatabase admin
register: api_users
changed_when: api_users.stdout != ""
when: api_users_exist|changed
- name: remove api users config script if present
file: path={{ mongodb_misc_dir }}/sentinelUsersSetup.js state=absent
when: api_users_exist|changed
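Review bot: The shell command on the `check if api users exist` task (and again on `run api users config script if required`) passes `{{ mongodb_root_password }}` as a `-p` argument, so it is visible in the process list and, unless the task is marked, in Ansible's verbose output and the registered result; add `no_log: true` to both tasks. On the same line `{{ item.id }}` is spliced unescaped into a JavaScript string literal inside a double-quoted shell string, so an id containing `'`, `"` or `$` breaks the query or the command — rendering it with `{{ item.id|to_json }}` (a quoted, escaped literal) and dropping the hand-written quotes is safer, though the outer shell quoting then has to be adjusted as well. The `|| true` on that line also turns any mongo failure into an apparent "user missing", so an unreachable database makes every user look absent and triggers the setup script; since `changed_when` already inspects `rc`, the `|| true` appears unnecessary. The removal task at the end only runs if the preceding tasks succeed, so a failed script run leaves `sentinelUsersSetup.js`, which carries the hashed passwords and active keys, on disk; putting the copy/run/remove trio in a `block:` with the removal under `always:` would close that. The task whose `when`/`register` lines open this hunk begins before the hunk.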
// {{ ansible_managed }}
// NOTE: must be kept in sync with User in the source code
var addUserIfNotExist = function(user) {
var query = Object.assign({}, user);
delete query.creationTimeUtc;
delete query.hashedPassword;
var existingUserCount = db.users.find(query).count();
if (existingUserCount === 0) {
db.users.insert(user);
print("user added: ".concat(user.id));
}
}
var users = [
{% for user in mongodb_sentinel_users %}
{
id: "{{ user.id }}",
email: "{{ user.email }}",
hashedPassword: "{{ user.hashed_password }}",
activeKey: "{{ user.active_key }}",
verified: {{ user.verified|to_nice_json }},
isAdmin: {{ user.is_admin|to_nice_json }},
creationTimeUtc: new Date()
}{% if not loop.last %},{% endif %}
{% endfor %}
];
users.forEach(addUserIfNotExist);
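Review bot: `addUserIfNotExist` matches on every field except `hashedPassword` and `creationTimeUtc`, so a user whose `email`, `activeKey`, `verified` or `isAdmin` differs from the stored document gets a second document with the same `id` rather than an update; nothing in this commit shows a unique index on `users.id`, so looking the user up by `{id: user.id}` alone (and deciding separately whether to update) would be safer. The template values on the `id`, `email`, `hashedPassword` and `activeKey` lines sit inside hand-placed quotes, so a value containing `"` or a backslash produces a broken script; rendering them with `|to_json`, as the `verified`/`isAdmin` lines already do with `to_nice_json` (e.g. `id: {{ user.id|to_json }},`), removes that. A header comment stating that this script is generated from `mongodb_sentinel_users` and is run by the mongo shell with `db` bound to the sentinel database would help the next reader.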
# Custom Ansible filter plugin for Sentinel deployment.
#
# This file is part of Sentinel.
#
# Copyright (c) 2015 Leiden University Medical Center and contributors
# (see AUTHORS.md file for details).
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from passlib.hash import bcrypt
def hashpw(string, rounds=10):
"""Encrypts the given string using bcrypt, with 10 rounds by default."""
return bcrypt.encrypt(string, rounds=rounds)
class FilterModule(object):
"""Custom Sentinel Jinja2 filter plugin."""
def filters(self):
"""Exposes the custom filters to the Jinja2 environment."""
return {'hashpw': hashpw}
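Review bot: The `hashpw` docstring says the string is "encrypted", but bcrypt is a one-way password hash and every call draws a fresh random salt, so the output differs on each render; suggest `"""Hashes the given string with bcrypt (log2 cost `rounds`, 10 by default); the salt is random, so repeated calls return different hashes."""`. That non-determinism matters to callers — any task that templates this value sees a change on every run, which is presumably why the play only renders the users script when a user is missing. `bcrypt.encrypt` is the API in the pinned passlib 1.6.5; later passlib releases rename it to `hash`, so a version bump would need this call updated.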
......@@ -13,3 +13,13 @@ mongodb_users:
name: "{{ mongodb_user_sentinel_name }}"
password: "{{ mongodb_user_sentinel_password }}"
roles: readWrite
# Sentinel API admin user. #
mongodb_sentinel_users:
# The default admin user
- id: dev
email: dev@sentinel.dev
hashed_password: "{{ 'dev'|hashpw }}"
active_key: dev
verified: yes
is_admin: yes
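Review bot: The `mongodb_sentinel_users` default ships a well-known admin credential — password `dev` (hashed via `hashpw`), `active_key: dev`, `is_admin: yes` — and the setup script only inserts a user when its id is absent, so an environment that keeps this default ends up with an admin account whose password is readable from the repository. A comment on the `mongodb_sentinel_users:` line such as `# Development default; override per environment — the password 'dev' is public in this repository` would make that expectation explicit. The trailing `#` on the `# Sentinel API admin user. #` comment reads as a typo. The plaintext only appears inside the `hashpw` template expression, but that is still committed source, so the override expectation is worth stating.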
ansible==2.0.0.2
bcrypt==2.0.0
passlib==1.6.5