From 5b6fc8d5473c41b1570e0e771b9e1a7417970429 Mon Sep 17 00:00:00 2001
From: Aine
Date: Wed, 29 Nov 2023 13:23:57 +0200
Subject: [PATCH] buscarron: migrate to native /metrics auth
---
 .../matrix-bot-buscarron/defaults/main.yml | 15 ++++++------
 .../matrix-bot-buscarron/tasks/setup_install.yml | 23 -------------------
 .../matrix-bot-buscarron/templates/env.j2 | 3 +++
 .../matrix-bot-buscarron/templates/labels.j2 | 20 ----------------
 4 files changed, 10 insertions(+), 51 deletions(-)
diff --git a/roles/custom/matrix-bot-buscarron/defaults/main.yml b/roles/custom/matrix-bot-buscarron/defaults/main.yml
index 961677612..d4844a8e5 100644
--- a/roles/custom/matrix-bot-buscarron/defaults/main.yml
+++ b/roles/custom/matrix-bot-buscarron/defaults/main.yml
@@ -41,14 +41,13 @@ matrix_bot_buscarron_container_network: matrix-bot-buscarron
 # Use this to expose this container to another reverse proxy, which runs in a different container network.
 matrix_bot_buscarron_container_additional_networks: []
-# enable basic auth for metrics
-matrix_bot_buscarron_basicauth_enabled: false
-# temporary file name on the host that runs ansible
-matrix_bot_buscarron_basicauth_file: "/tmp/matrix_bot_buscarron_htpasswd"
-# username
-matrix_bot_buscarron_basicauth_user: ''
-# password
-matrix_bot_buscarron_basicauth_password: ''
+# /metrics login
+matrix_bot_buscarron_metrics_login: ''
+# /metrics password
+matrix_bot_buscarron_metrics_password: ''
+# /metrics allowed ips
+matrix_bot_buscarron_metrics_ips: []
+
 # matrix_bot_buscarron_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
 # See `../templates/labels.j2` for details.
diff --git a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
index 0559efec1..1c2c62e14 100644
--- a/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
+++ b/roles/custom/matrix-bot-buscarron/tasks/setup_install.yml
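Review bot: In defaults/main.yml the `matrix_bot_buscarron_basicauth_*` variables are removed with no migration path, so an inventory that still sets `matrix_bot_buscarron_basicauth_enabled: true` with a user and password will end up with empty `matrix_bot_buscarron_metrics_login` and `matrix_bot_buscarron_metrics_password` after this commit. The same patch deletes the Traefik basic-auth middleware that used to guard the metrics route. Whether buscarron serves /metrics openly or refuses it when the credentials are empty is not visible here, so the upgrade may silently drop authentication. A pre-flight task that fails while any of the old variable names is still defined would make the rename explicit. The three new comments would also be more useful if they stated what an empty login/password and an empty IP list mean for access to /metrics.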
@@ -40,21 +40,6 @@
 - {path: "{{ matrix_bot_buscarron_docker_src_files_path }}", when: true}
 when: "item.when | bool"
-- name: Determine basicauth filename
- ansible.builtin.set_fact:
- matrix_bot_buscarron_basicauth_file_tmp: "{{ matrix_bot_buscarron_basicauth_file }}_{{ inventory_hostname }}"
- when: matrix_bot_buscarron_basicauth_enabled | bool
-
-- name: Generate basic auth file
- community.general.htpasswd:
- path: "{{ matrix_bot_buscarron_basicauth_file }}"
- name: "{{ matrix_bot_buscarron_basicauth_user }}"
- password: "{{ matrix_bot_buscarron_basicauth_password }}"
- mode: 0640
- become: false
- delegate_to: 127.0.0.1
- when: matrix_bot_buscarron_basicauth_enabled | bool
-
 - name: Ensure buscarron support files installed
 ansible.builtin.template:
 src: "{{ role_path }}/templates/{{ item }}.j2"
@@ -66,14 +51,6 @@
 - env
 - labels
-- name: Ensure temporary basic auth file is removed
- ansible.builtin.file:
- path: "{{ matrix_bot_buscarron_basicauth_file }}"
- state: absent
- become: false
- delegate_to: 127.0.0.1
- when: matrix_bot_buscarron_basicauth_enabled | bool
-
 - name: Ensure buscarron image is pulled
 community.docker.docker_image:
 name: "{{ matrix_bot_buscarron_docker_image }}"
diff --git a/roles/custom/matrix-bot-buscarron/templates/env.j2 b/roles/custom/matrix-bot-buscarron/templates/env.j2
index 80ddd38cc..1f71802a5 100644
--- a/roles/custom/matrix-bot-buscarron/templates/env.j2
+++ b/roles/custom/matrix-bot-buscarron/templates/env.j2
@@ -17,6 +17,9 @@ BUSCARRON_PM_REPLYTO={{ matrix_bot_buscarron_pm_replyto }}
 BUSCARRON_SMTP_FROM={{ matrix_bot_buscarron_smtp_from }}
 BUSCARRON_SMTP_VALIDATION={{ matrix_bot_buscarron_smtp_validation }}
 BUSCARRON_NOENCRYPTION={{ matrix_bot_buscarron_noencryption }}
+BUSCARRON_METRICS_LOGIN={{ matrix_bot_buscarron_metrics_login }}
+BUSCARRON_METRICS_PASSWORD={{ matrix_bot_buscarron_metrics_password }}
+BUSCARRON_METRICS_IPS={{ matrix_bot_buscarron_metrics_ips|default([])|join(" ") }}
 {% set forms = [] %}
 {% for form in matrix_bot_buscarron_forms -%}{{- forms.append(form.name) -}}
 BUSCARRON_{{ form.name|upper }}_ROOM={{ form.room|default('') }}
diff --git a/roles/custom/matrix-bot-buscarron/templates/labels.j2 b/roles/custom/matrix-bot-buscarron/templates/labels.j2
index 6a1ead33d..9150a44bf 100644
--- a/roles/custom/matrix-bot-buscarron/templates/labels.j2
+++ b/roles/custom/matrix-bot-buscarron/templates/labels.j2
@@ -19,11 +19,6 @@ traefik.http.middlewares.matrix-bot-buscarron-strip-prefix.stripprefix.prefixes=
 {% set middlewares = middlewares + ['matrix-bot-buscarron-strip-prefix'] %}
 {% endif %}
-{% if matrix_bot_buscarron_basicauth_enabled %}
-traefik.http.middlewares.matrix-bot-buscarron-auth.basicauth.users={{ lookup('ansible.builtin.file', matrix_bot_buscarron_basicauth_file) }}
-{% set middlewares_metrics = middlewares + ['matrix-bot-buscarron-auth'] %}
-{% endif %}
-
 {% if matrix_bot_buscarron_container_labels_traefik_additional_response_headers.keys() | length > 0 %}
 {% for name, value in matrix_bot_buscarron_container_labels_traefik_additional_response_headers.items() %}
 traefik.http.middlewares.matrix-bot-buscarron-add-headers.headers.customresponseheaders.{{ name }}={{ value }}
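Review bot: In templates/env.j2 the `BUSCARRON_METRICS_IPS` line applies `join(" ")` to whatever the variable holds, and Jinja's `join` iterates a plain string character by character. An operator who writes `matrix_bot_buscarron_metrics_ips: "10.0.0.1"` (constructed example) instead of a list therefore gets a garbled allowlist rather than an error. Because this value is an access-control list, it is worth normalising it, e.g. `{{ ([matrix_bot_buscarron_metrics_ips] if matrix_bot_buscarron_metrics_ips is string else matrix_bot_buscarron_metrics_ips) | join(" ") }}`, or rejecting non-list values before templating. The same hunk writes `BUSCARRON_METRICS_PASSWORD` in clear text into the env file; the template task's `mode` and owner are outside this hunk, so confirm the rendered file is not world-readable.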
@@ -46,21 +41,6 @@ traefik.http.routers.matrix-bot-buscarron.tls.certResolver={{ matrix_bot_buscarr
 {% endif %}
 traefik.http.services.matrix-bot-buscarron.loadbalancer.server.port=8080
-{% if middlewares_metrics | length > 0 %}
-traefik.http.routers.matrix-bot-buscarron-metrics.rule={{ matrix_bot_buscarron_container_labels_traefik_metrics_rule }}
-{% if matrix_bot_buscarron_container_labels_traefik_priority | int > 0 %}
-traefik.http.routers.matrix-bot-buscarron-metrics.priority={{ matrix_bot_buscarron_container_labels_traefik_priority }}
-{% endif %}
-traefik.http.routers.matrix-bot-buscarron-metrics.service=matrix-bot-buscarron
-traefik.http.routers.matrix-bot-buscarron-metrics.middlewares={{ middlewares_metrics | join(',') }}
-traefik.http.routers.matrix-bot-buscarron-metrics.entrypoints={{ matrix_bot_buscarron_container_labels_traefik_entrypoints }}
-traefik.http.routers.matrix-bot-buscarron-metrics.tls={{ matrix_bot_buscarron_container_labels_traefik_tls | to_json }}
-{% if matrix_bot_buscarron_container_labels_traefik_tls %}
-traefik.http.routers.matrix-bot-buscarron-metrics.tls.certResolver={{ matrix_bot_buscarron_container_labels_traefik_tls_certResolver }}
-{% endif %}
-traefik.http.services.matrix-bot-buscarron-metrics.loadbalancer.server.port=8080
-{% endif %}
-
 {% endif %}
 {{ matrix_bot_buscarron_container_labels_additional_labels }}