configuration variables taken from local files

The UI should run from a directory directly under soctools root (or the "SOCTOOLS_BASE" must be modified)

configuration variables taken from local files
d58514ed · Václav Bartoš · c552f7f7 · d58514ed · d58514ed
Commit d58514ed authored 3 years ago by Václav Bartoš
--- a/main.py
+++ b/main.py
@@ -5,18 +5,36 @@ from wtforms import StringField
 from wtforms.validators import DataRequired, Email

 import requests
-from datetime import datetime
+import yaml

+from datetime import datetime
+import os.path
+import re
 import subprocess

 app = Flask(__name__)
 app.secret_key = "ASDF1234 - CHANGE ME!"

-# *** Configuration ***
-# TODO get this from config/environment
-CA_CERT = "" # path to secrets/CA/ca.crt
-KEYCLOAK_BASE_URL = "" # https://{{soctoolsproxy}}:12443
-KEYCLOAK_ADMIN_PASSWORD = "" # take from secrets/passwords/keykloak_admin (Note: should be keycloak, not keykloak)
+# *** Configuration of file paths ***
+SOCTOOLS_BASE = ".." # path to the root of soctools files
+VARIABLES_FILE = os.path.join(SOCTOOLS_BASE, "group_vars/all/variables.yml")
+CA_CERT_FILE = os.path.join(SOCTOOLS_BASE, "secrets/CA/ca.crt")
+KEYCLOAK_ADMIN_PASSWORD_FILE = os.path.join(SOCTOOLS_BASE, "secrets/passwords/keykloak_admin") # Note: should be keycloak, not keykloak
+
+@app.before_first_request
+def load_config():
+    """Load various variables, api keys, etc. and set configuration parameters"""
+    global SOCTOOLSPROXY, KEYCLOAK_BASE_URL, KEYCLOAK_ADMIN_PASSWORD
+    variables = yaml.safe_load(open(VARIABLES_FILE, "r"))
+    print(variables)
+    # Get FQDN of the main server
+    SOCTOOLSPROXY = variables["soctoolsproxy"]
+    assert re.match('[a-zA-Z0-9.-]+', SOCTOOLSPROXY), f"ERROR: The 'soctoolsproxy' variable loaded from '{VARIABLES_FILE}' is not a valid domain name."
+    # Set base URL to Keycloak
+    KEYCLOAK_BASE_URL = f"https://{SOCTOOLSPROXY}:12443"
+    # Load API key for Keycloak
+    KEYCLOAK_ADMIN_PASSWORD = open(KEYCLOAK_ADMIN_PASSWORD_FILE, "r").read(100) # read max 100 B, the key should never be so long
+

 # *** Custom Jinja filters ***
 def ts_to_str(ts):
@@ -37,7 +55,7 @@ def get_token():
        "grant_type": "password"
    }
    try:
-        resp = requests.post(url, data, verify=CA_CERT)
+        resp = requests.post(url, data, verify=CA_CERT_FILE)
        if resp.status_code != 200:
            flash(f"ERROR: Can't get token for API access: ({resp.status_code}) {resp.text[:200]}", "error")
            return None
@@ -52,7 +70,7 @@ def get_users():
    token = get_token()
    if token is None:
        return [] # can't get token, error message is already flashed by get_token function
-    resp = requests.get(url, headers={'Authorization': 'Bearer ' + token}, verify=CA_CERT)
+    resp = requests.get(url, headers={'Authorization': 'Bearer ' + token}, verify=CA_CERT_FILE)
    if not resp.ok:
        flash(f"ERROR: Can't get list of users: ({resp.status_code}) {resp.text[:200]}", "error")
        return []

--- a/requirements.txt
+++ b/requirements.txt
@@ -3,4 +3,5 @@ flask_wtf~=1.0.0
 wtforms~=3.0.1
 email-validator~=1.1.3
 requests~=2.27.1
-jinja2~=3.1.1
\ No newline at end of file
+jinja2~=3.1.1
+PyYAML~=5.2
\ No newline at end of file