From ebb2bf66d0ed8d920e3a102fcfd02ecbf7d9c49f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=A9rard=20Collin?= Date: Mon, 1 Apr 2024 11:42:02 +0200 Subject: [PATCH] v.0.3.1 & Multitenant & secured mongo access --- conf/.env | 10 ++++------ conf/nginx.conf | 7 ------- manifest.toml | 14 ++++++++++---- scripts/_common.sh | 2 +- scripts/backup | 4 ++-- scripts/install | 8 +++++--- scripts/remove | 2 +- scripts/restore | 5 ++--- scripts/upgrade | 31 +++++++++++++++++++++++-------- tests.toml | 1 + 10 files changed, 49 insertions(+), 35 deletions(-) diff --git a/conf/.env b/conf/.env index 32f4820..a02d9d5 100644 --- a/conf/.env +++ b/conf/.env @@ -1,9 +1,7 @@ quarkus_http_host=127.0.0.1 - -quarkus_mongodb_projects_connection_string=mongodb://localhost:27017 -projects_database_name=dontCodeProjects - -quarkus_mongodb_data_connection_string=mongodb://localhost:27017 -data_database_name=dontCodeData +quarkus_mongodb_projects_connection_string=mongodb://__DB_USER__:__DB_PWD__@localhost:27017/?authSource=dontCode__TENANT__Projects +projects_database_name=dontCode__TENANT__Projects +quarkus_mongodb_data_connection_string=mongodb://__DB_USER__:__DB_PWD__@localhost:27017/?authSource=dontCode__TENANT__Data +data_database_name=dontCode__TENANT__Data document_directory=__DOCUMENT_DIR__ document_external_url=__DOCUMENT_URL__ diff --git a/conf/nginx.conf b/conf/nginx.conf index ccbfa21..08fe1a6 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -50,11 +50,4 @@ location __PATH__/ { client_max_body_size 15M; } - location __PATH__/demo_project { - proxy_pass http://localhost:__PORT_PROJECT__/project; - proxy_set_header Host $host; - proxy_set_header DbName "dontCodeDemoProjects"; - proxy_read_timeout 86400s; - proxy_send_timeout 86400s; - } } diff --git a/manifest.toml b/manifest.toml index e36f4da..6173aeb 100644 --- a/manifest.toml +++ b/manifest.toml 
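Review bot: In conf/.env both new connection strings place `__DB_USER__:__DB_PWD__` into the MongoDB URI userinfo without percent-encoding, so a password containing `@`, `:`, `/`, `?` or `%` would be parsed as URI syntax instead of as the credential. If the stored password is not guaranteed to be alphanumeric, the scripts should substitute a URL-encoded copy of it. The same lines append `__TENANT__` to `authSource` and to the database names, so the tenant value must be restricted to characters that are valid in a database name and inert in a query string. The file now holds a database credential in clear text; scripts/upgrade applies `chmod 400` to it, and the install path, which this patch does not show, should apply the same mode.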
@@ -7,7 +7,7 @@ name = "Dont-code Services" description.en = "Install services and databases needed to support Dont-code platform" description.fr = "Installe les services et base de données nécessaires pour utiliser la plateforme Dont-code" -version = "0.2.10~ynh6" +version = "0.3.1~ynh1" maintainers = ["Dont-code Team"] @@ -22,7 +22,7 @@ code = "https://github.com/dont-code" [integration] yunohost = ">= 11.0.0" architectures = "all" -multi_instance = false +multi_instance = true ldap = false sso = false disk = "50M" @@ -39,6 +39,12 @@ ram.runtime = "400M" type = "path" default = "/dont-code" + [install.tenant] + ask.en = "The name of the tenant these services will support. This configures database name to use. Can be empty if non necessary." + ask.fr = "Le nom du tenant associé a ces services. Permet de configurer une base de donnée séparée. Peut-être vide si non nécessaire." + type = "string" + optional = true + [install.public_key] ask.en = "SSH Public key to allow service updates as part of delivery process, leave empty to disable." ask.fr = "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné." @@ -51,8 +57,8 @@ ram.runtime = "400M" [resources] [resources.sources.main] - url = "https://github.com/dont-code/release/releases/download/v0.2.10/dont-code-release-runners.zip" - sha256 = "f20bfa0423d48015a3507b0555d30d57fa594657a4bca55ad869fca8fbad125d" + url = "https://github.com/dont-code/release/releases/download/v0.3.1/dont-code-release-runners.zip" + sha256 = "b69361f5383c904e30d551efd7a64cc155459af6a25e32fd5ca41633bcfb3658" in_subdir = false autoupdate.strategy = "latest_github_release" autoupdate.asset = "dont-code-release-runners.zip" diff --git a/scripts/_common.sh b/scripts/_common.sh index e4bf749..7ec06e1 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
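Review bot: With `multi_instance = true`, the database names are built only from the tenant answer (`dontCode$tenant$db_name` in the scripts), not from the instance id, and the tenant question is optional. Two instances installed with the same or an empty tenant would therefore share `dontCodeProjects` and `dontCodeData`, and the loop in scripts/remove would drop those databases for both when either instance is removed. Consider rejecting a tenant that another instance already uses at install time, or deriving the name from `$app` when the tenant is empty.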
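Review bot: The new `[install.tenant]` question accepts any string, and that value is later concatenated into database names, the `authSource` parameter in conf/.env and the dump file names in scripts/backup and scripts/restore. Constraining it in the manifest keeps separators, path characters and whitespace out of those places, for example `pattern.regexp = '^[A-Za-z0-9]*$'` with a matching `pattern.error`, assuming the packaging format in use supports patterns on string questions. A length bound is worth adding as well, since the value becomes part of a database name.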
@@ -10,7 +10,7 @@ mongo_version=6.0 SERVICES_LIST=(ide preview project data) # List of Mongo databases to manage -MONGO_DB_LIST=(dontCodeProjects dontCodeDemoProjects dontCodeData dontCodeTestProjects) +MONGO_DB_LIST=(Projects Data) # The list of port in the same order than the list of services PORT_LIST=("$port_ide" "$port_preview" "$port_project" "$port_data") diff --git a/scripts/backup b/scripts/backup index 2a1f581..17f5883 100755 --- a/scripts/backup +++ b/scripts/backup @@ -63,11 +63,11 @@ fi ynh_print_info --message="Backing up the Mongo databases..." for db_name in "${MONGO_DB_LIST[@]}"; do - ynh_mongo_dump_db --database=$db_name > ./dump-${db_name}.bson + ynh_mongo_dump_db --database="dontCode$tenant$db_name" > ./dump-${tenant}${db_name}.bson done #================================================= # END OF SCRIPT #================================================= -ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_print_info --message="Backup script completed for $app with tenant $tenant. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/install b/scripts/install index cf5fa2b..5823475 100755 --- a/scripts/install +++ b/scripts/install 
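Review bot: Shrinking `MONGO_DB_LIST` to `(Projects Data)` means the backup, restore and remove loops no longer visit `dontCodeDemoProjects` and `dontCodeTestProjects`. On an instance upgraded from the previous version, those databases (if they were ever created) are left out of new backups and stay on the server after the app is removed. Nothing in this patch drops or migrates them. An upgrade step that archives or removes them, or a comment such as `# Demo/Test databases from <= 0.2.10 are intentionally left untouched`, would make the data lifecycle explicit.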
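Review bot: In scripts/backup the redirect target `./dump-${tenant}${db_name}.bson` is unquoted, so a tenant containing whitespace or glob characters makes the redirection ambiguous, and one containing `/` points the dump at a different path. Quote it as `> "./dump-${tenant}${db_name}.bson"`, matching the quoted form used in scripts/restore, and rely on validating the tenant at install time for the path characters.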
@@ -85,9 +85,11 @@ ynh_script_progression --message="Creating the Mongo databases..." --weight=1 db_user=$(ynh_sanitize_dbid --db_name="${app}") ynh_app_setting_set --app="$app" --key=db_user --value="$db_user" -# We should probably enable databases to the user, but for now, we connect through admin -# No need to create other databases: Mongo creates them on the fly -ynh_mongo_setup_db --db_user="$db_user" --db_name="${MONGO_DB_LIST[0]}" +# Let's create all databases needed, and assign them to the user + +for db_name in "${MONGO_DB_LIST[@]}"; do + ynh_mongo_setup_db --db_user="$db_user" --db_pwd="$db_pwd" --db_name="dontCode$tenant${db_name}" +done #================================================= # SYSTEM CONFIGURATION diff --git a/scripts/remove b/scripts/remove index ea1a6aa..a62bb13 100755 --- a/scripts/remove +++ b/scripts/remove @@ -36,7 +36,7 @@ ynh_remove_logrotate # Remove a database if it exists, along with the associated user for db_name in "${MONGO_DB_LIST[@]}"; do - ynh_mongo_remove_db --db_user=$db_user --db_name=$db_name + ynh_mongo_remove_db --db_user=$db_user --db_name="dontCode$tenant$db_name" done # Remove mongo itself if not used anymore diff --git a/scripts/restore b/scripts/restore index 1532db5..e17595e 100755 --- a/scripts/restore +++ b/scripts/restore @@ -64,10 +64,9 @@ ynh_install_mongo --mongo_version=$mongo_version #================================================= ynh_script_progression --message="Restoring the Mongo databases..." --weight=1 -ynh_mongo_setup_db --db_user=$db_user --db_name=${MONGO_DB_LIST[0]} --db_pwd=$db_pwd - for db_name in "${MONGO_DB_LIST[@]}"; do - ynh_mongo_restore_db --database="$db_name" < "./dump-${db_name}.bson" + ynh_mongo_setup_db --db_user="$db_user" --db_pwd="$db_pwd" --db_name="dontCode$tenant${db_name}" + ynh_mongo_restore_db --database="dontCode$tenant$db_name" < "./dump-${tenant}${db_name}.bson" done #================================================= 
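Review bot: In scripts/install the new loop passes `--db_pwd="$db_pwd"`, but nothing visible in this hunk assigns `db_pwd` (only `db_user` is set above it), and the removed call did not pass the option at all. If the variable is unset or empty here, the script either aborts under nounset or, depending on how `ynh_mongo_setup_db` treats an empty password, may create a different password per database while conf/.env carries a single `__DB_PWD__`. Generating the password once before the loop and saving it with `ynh_app_setting_set --app="$app" --key=db_pwd --value="$db_pwd"` would make the intent explicit. The same call is added in scripts/restore and scripts/upgrade, where `db_pwd` is expected to come from the saved settings. The rest of the install script is outside this hunk, so the assignment may already exist there.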
diff --git a/scripts/upgrade b/scripts/upgrade index b83df55..8b3041e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -34,6 +34,13 @@ if [ -z "${public_key+x}" ]; then ynh_app_setting_set --app="$app" --key=public_key --value="$public_key" fi +# Set default tenant to empty if needed +if [ -z "${tenant+x}" ]; then + tenant="" + ynh_app_setting_set --app="$app" --key=tenant --value="$tenant" +fi + + if [[ -n "${document_path:-}" ]]; then # Renamed setting key document_dir="$document_path" @@ -66,7 +73,7 @@ if [[ -n "${html_path:-}" ]]; then fi -# Regenerate the .env file if the document_url was incorrectly set before +# Recalculate the document_url if it was incorrectly set before correct_document_url=$(append_uri "https://${domain}${path}" "docs") if [ "$correct_document_url" != "$document_url" ]; then ynh_script_progression --message="Updading url for documents" --weight=1 @@ -74,13 +81,6 @@ if [ "$correct_document_url" != "$document_url" ]; then document_url=$correct_document_url ynh_app_setting_set --app=$app --key=document_url --value=$document_url - ynh_add_config --template=".env" --destination="$install_dir/.env" - - # FIXME: this should be handled by the core in the future - # You may need to use chmod 600 instead of 400, - # for example if the app is expected to be able to modify its own config - chmod 400 "$install_dir/.env" - chown $app:$app "$install_dir/.env" fi #================================================= 
@@ -92,6 +92,16 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]; then # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep ".env .ssh/authorized_keys restart_services.sh" + + # Always update .env + ynh_add_config --template=".env" --destination="$install_dir/.env" + + # FIXME: this should be handled by the core in the future + # You may need to use chmod 600 instead of 400, + # for example if the app is expected to be able to modify its own config + chmod 400 "$install_dir/.env" + chown $app:$app "$install_dir/.env" + fi chmod -R o-rwx "$install_dir" @@ -124,6 +134,11 @@ ynh_script_progression --message="Upgrading MongoDB..." --weight=1 # Install the required version of Mongo ynh_install_mongo --mongo_version=$mongo_version +# We are now assigning the user to the database, so update the user's rights +for db_name in "${MONGO_DB_LIST[@]}"; do + ynh_mongo_setup_db --db_user="$db_user" --db_pwd="$db_pwd" --db_name="dontCode$tenant${db_name}" +done + #================================================= # REAPPLY SYSTEM CONFIGURATIONS #================================================= diff --git a/tests.toml b/tests.toml index 77f10a9..441f9db 100644 --- a/tests.toml +++ b/tests.toml @@ -11,4 +11,5 @@ test_format = 1.0 test_upgrade_from.7852cc4bf44ff20ee51fe35f3f53dc105e0f6d79.name= "2023-01-07 - Added Ssh support for dev." test_upgrade_from.e89eebdac9f59202202d07972e274ebe6fc7c51c.name= "Before Manifest v2." + test_upgrade_from.13b9ba1eb3ccad38329ee2c7dadad00c18fe5e83.name= "Switching to multi_instance." \ No newline at end of file
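Review bot: The `.env` regeneration now sits inside the `UPGRADE_APP` branch, so an upgrade that does not change the upstream source keeps the previous `.env`, including the old connection strings without credentials and a stale `document_url` (the regeneration that used to follow the `document_url` correction is removed by this patch). The file is also rendered before the later `ynh_mongo_setup_db` loop runs, so it relies on `db_pwd` already holding its final value at that point. Moving the `ynh_add_config`, `chmod 400` and `chown` lines out of the conditional and after the database setup would keep the file consistent with the database users on every upgrade. `chown $app:$app` would also be safer quoted as `chown "$app:$app"`.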