Accessing protected blueprint-archive for example using basic auth, API key or other (like S3 bucket) #142

Open
avwsolutions opened this issue Oct 3, 2018 · 1 comment

avwsolutions commented Oct 3, 2018

As you know, you can use a deployment proxy plugin to download and execute an additional blueprint package (ZIP) from, for example, GitHub or any other unauthenticated source. In our case (security measures) we want to use GitLab. But in this case we need to add authentication to the `response = requests.get(url, stream=True)` line of code in utils.py (code of the deployment proxy). The requests library supports adding these headers.

```yaml
aws:
    type: cloudify.nodes.DeploymentProxy
    properties:
      resource_config:
        blueprint:
          id: { get_input: network_deployment_name }
          blueprint_archive: https://github.com/cloudify-examples/aws-example-network/archive/master.zip
          # API key
          blueprint_archive_apikey: { get_secret: blueprint_archive_apikey }
          # or basic auth
          blueprint_archive_username: { get_secret: blueprint_archive_username }
          blueprint_archive_password: { get_secret: blueprint_archive_password }
          main_file_name: simple-blueprint.yaml
          external_resource: { get_input: use_existing_network_deployment }
        deployment:
          id: { get_input: network_deployment_name }
          outputs:
            vpc_id: vpc_id
            public_subnet_id: public_subnet_id
            private_subnet_id: private_subnet_id
            ec2_region_name: ec2_region_name
            ec2_region_endpoint: ec2_region_endpoint
            availability_zone: availability_zone
          external_resource: { get_input: use_existing_network_deployment }
        reexecute: false
```

Can this be seen as an enhancement request to the deployment proxy to support protected blueprint archive URLs? Like using an API key? And adding this as an attribute that we can fill in with a secret.

@EarthmanT
Contributor

@avwsolutions Thanks for the suggestion. This sounds like a very important addition that we should make to the plugin. We will try to add it soon. You are also more than welcome to submit a PR with the code change.

@EarthmanT EarthmanT self-assigned this Oct 3, 2018
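
An added example, not code from the plugin or from either commenter: one way the authenticated download requested in this issue could be built around `requests.get(url, stream=True)`. The property names are the ones proposed in the issue; `build_auth_kwargs`, `download_archive`, the `PRIVATE-TOKEN` header default (GitLab's API token header) and the sample URL are assumptions.

```python
from urllib.parse import urlparse

# Property names as proposed in the issue; assumed here, not confirmed plugin properties.
API_KEY_PROP = "blueprint_archive_apikey"
USER_PROP = "blueprint_archive_username"
PASS_PROP = "blueprint_archive_password"


def build_auth_kwargs(url, blueprint_cfg, apikey_header="PRIVATE-TOKEN"):
    """Extra requests.get() kwargs derived from the blueprint config.
    The apikey_header default is an assumption (GitLab's token header)."""
    apikey = blueprint_cfg.get(API_KEY_PROP)
    username = blueprint_cfg.get(USER_PROP)
    password = blueprint_cfg.get(PASS_PROP)
    if apikey and (username or password):
        raise ValueError("set either an API key or basic auth, not both")
    if bool(username) != bool(password):
        raise ValueError("basic auth needs both username and password")
    if not (apikey or username):
        return {}  # public archive: the request stays as it is today
    # Never send a secret over cleartext HTTP.
    if urlparse(url).scheme != "https":
        raise ValueError("credentials require an https:// archive URL")
    # requests drops Authorization on a cross-host redirect, but keeps custom
    # headers such as an API key, so refuse redirects when credentials are set.
    kwargs = {"allow_redirects": False}
    if apikey:
        kwargs["headers"] = {apikey_header: apikey}
    else:
        kwargs["auth"] = (username, password)
    return kwargs


def download_archive(url, blueprint_cfg, dest_path):
    """Stream the archive to dest_path, authenticating when configured."""
    import requests  # imported here so build_auth_kwargs has no dependency
    response = requests.get(url, stream=True, timeout=30,
                            **build_auth_kwargs(url, blueprint_cfg))
    if response.status_code != 200:  # a refused redirect (3xx) also lands here
        raise RuntimeError("archive download failed: HTTP %d" % response.status_code)
    with open(dest_path, "wb") as fh:
        for chunk in response.iter_content(chunk_size=65536):
            fh.write(chunk)
    return dest_path


if __name__ == "__main__":
    sample = {API_KEY_PROP: "constructed-token"}  # constructed, not a real secret
    print(build_auth_kwargs("https://gitlab.example.com/archive.zip", sample))
```

Because the secret values arrive through `get_secret`, they should also be kept out of any log line or exception message that echoes the request.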