livebook-dev/livebook
1
1
Fork 0
mirror of https://github.com/livebook-dev/livebook.git synced 2025-11-09 13:44:53 +08:00
Code Issues Projects Releases Packages Wiki Activity

Unify teams auth concerns under a single env var (#2306)

Browse source
This commit is contained in:
José Valim 2023-10-25 12:31:52 +02:00 committed by GitHub
parent b661273f1a
commit a2c1fe4b27
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 72 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

130
lib/livebook/application.ex
View file

@ -61,7 +61,7 @@ defmodule Livebook.Application do
case Supervisor.start_link(children, opts) do case Supervisor.start_link(children, opts) do
{:ok, _} = result -> {:ok, _} = result ->
load_lb_env_vars() load_lb_env_vars()
create_offline_hub() create_teams_hub()
clear_env_vars() clear_env_vars()
display_startup_info() display_startup_info()
Livebook.Hubs.connect_hubs() Livebook.Hubs.connect_hubs()
@ -246,74 +246,84 @@ defmodule Livebook.Application do
Livebook.Secrets.set_startup_secrets(secrets) Livebook.Secrets.set_startup_secrets(secrets)
end end
def create_offline_hub() do defp create_teams_hub() do
name = System.get_env("LIVEBOOK_TEAMS_NAME") teams_key = System.get_env("LIVEBOOK_TEAMS_KEY")
public_key = System.get_env("LIVEBOOK_TEAMS_OFFLINE_KEY") auth = System.get_env("LIVEBOOK_TEAMS_AUTH")
cond do
teams_key && auth ->
case String.split(auth, ":") do
["offline", name, public_key] -> create_offline_hub(teams_key, name, public_key)
_ -> Livebook.Config.abort!("Invalid LIVEBOOK_TEAMS_AUTH configuration.")
end
teams_key || auth ->
Livebook.Config.abort!(
"You must specify both LIVEBOOK_TEAMS_KEY and LIVEBOOK_TEAMS_AUTH."
)
true ->
:ok
end
end
defp create_offline_hub(teams_key, name, public_key) do
encrypted_secrets = System.get_env("LIVEBOOK_TEAMS_SECRETS") encrypted_secrets = System.get_env("LIVEBOOK_TEAMS_SECRETS")
encrypted_file_systems = System.get_env("LIVEBOOK_TEAMS_FS") encrypted_file_systems = System.get_env("LIVEBOOK_TEAMS_FS")
secret_key = Livebook.Teams.derive_key(teams_key)
id = "team-#{name}"
if name && public_key do secrets =
teams_key = if encrypted_secrets do
System.get_env("LIVEBOOK_TEAMS_KEY") || case Livebook.Teams.decrypt(encrypted_secrets, secret_key) do
Livebook.Config.abort!( {:ok, json} ->
"You specified LIVEBOOK_TEAMS_NAME, but LIVEBOOK_TEAMS_KEY is missing." for {name, value} <- Jason.decode!(json),
) do: %Livebook.Secrets.Secret{
name: name,
value: value,
hub_id: id
}
secret_key = Livebook.Teams.derive_key(teams_key) :error ->
id = "team-#{name}" Livebook.Config.abort!(
"You specified LIVEBOOK_TEAMS_SECRETS, but we couldn't decrypt with the given LIVEBOOK_TEAMS_KEY."
secrets = )
if encrypted_secrets do
case Livebook.Teams.decrypt(encrypted_secrets, secret_key) do
{:ok, json} ->
for {name, value} <- Jason.decode!(json),
do: %Livebook.Secrets.Secret{
name: name,
value: value,
hub_id: id
}
:error ->
Livebook.Config.abort!(
"You specified LIVEBOOK_TEAMS_SECRETS, but we couldn't decrypt with the given LIVEBOOK_TEAMS_KEY."
)
end
else
[]
end end
else
[]
end
file_systems = file_systems =
if encrypted_file_systems do if encrypted_file_systems do
case Livebook.Teams.decrypt(encrypted_file_systems, secret_key) do case Livebook.Teams.decrypt(encrypted_file_systems, secret_key) do
{:ok, json} -> {:ok, json} ->
for %{"type" => type} = dumped_data <- Jason.decode!(json), for %{"type" => type} = dumped_data <- Jason.decode!(json),
do: Livebook.FileSystems.load(type, dumped_data) do: Livebook.FileSystems.load(type, dumped_data)
:error -> :error ->
Livebook.Config.abort!( Livebook.Config.abort!(
"You specified LIVEBOOK_TEAMS_FS, but we couldn't decrypt with the given LIVEBOOK_TEAMS_KEY." "You specified LIVEBOOK_TEAMS_FS, but we couldn't decrypt with the given LIVEBOOK_TEAMS_KEY."
) )
end
else
[]
end end
else
[]
end
Livebook.Hubs.save_hub(%Livebook.Hubs.Team{ Livebook.Hubs.save_hub(%Livebook.Hubs.Team{
id: "team-#{name}", id: "team-#{name}",
hub_name: name, hub_name: name,
hub_emoji: "💡", hub_emoji: "💡",
user_id: 0, user_id: 0,
org_id: 0, org_id: 0,
org_key_id: 0, org_key_id: 0,
session_token: "", session_token: "",
teams_key: teams_key, teams_key: teams_key,
org_public_key: public_key, org_public_key: public_key,
offline: %Livebook.Hubs.Team.Offline{ offline: %Livebook.Hubs.Team.Offline{
secrets: secrets, secrets: secrets,
file_systems: file_systems file_systems: file_systems
} }
}) })
end
end end
defp config_env_var?("LIVEBOOK_" <> _), do: true defp config_env_var?("LIVEBOOK_" <> _), do: true

3
lib/livebook/hubs/dockerfile.ex
View file

@ -158,8 +158,7 @@ defmodule Livebook.Hubs.Dockerfile do
# Teams Hub configuration for airgapped deployment # Teams Hub configuration for airgapped deployment
ENV LIVEBOOK_TEAMS_KEY ${TEAMS_KEY} ENV LIVEBOOK_TEAMS_KEY ${TEAMS_KEY}
ENV LIVEBOOK_TEAMS_NAME "#{hub.hub_name}" ENV LIVEBOOK_TEAMS_AUTH "offline:#{hub.hub_name}:#{hub.org_public_key}"
ENV LIVEBOOK_TEAMS_OFFLINE_KEY "#{hub.org_public_key}"
""" """
secrets = secrets =

3
test/livebook/hubs/dockerfile_test.exs
View file

@ -101,8 +101,7 @@ defmodule Livebook.Hubs.DockerfileTest do
# Teams Hub configuration for airgapped deployment # Teams Hub configuration for airgapped deployment
ENV LIVEBOOK_TEAMS_KEY ${TEAMS_KEY} ENV LIVEBOOK_TEAMS_KEY ${TEAMS_KEY}
ENV LIVEBOOK_TEAMS_NAME "org-name-387" ENV LIVEBOOK_TEAMS_AUTH "offline:org-name-387:lb_opk_fpxnp3r5djwxnmirx3tu276hialoivf3"
ENV LIVEBOOK_TEAMS_OFFLINE_KEY "lb_opk_fpxnp3r5djwxnmirx3tu276hialoivf3"
# Apps configuration # Apps configuration
ENV LIVEBOOK_APPS_PATH "/apps" ENV LIVEBOOK_APPS_PATH "/apps"