Onprem fixes (#1782)

nuclia · Jan 30, 2024 · 08ecf1b · 08ecf1b
1 parent d094603
commit 08ecf1b
Show file tree

Hide file tree

Showing 8 changed files with 121 additions and 18 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -205,11 +205,10 @@ jobs:
           helm package charts/nucliadb
           curl --data-binary "@nucliadb-${{ steps.version_step.outputs.helm_version }}.tgz" ${{ secrets.HELM_CHART_URL }}/api/charts
 
-      # Not working yet, disabled for now
-      # - name: Repository Dispatch
-      #   uses: peter-evans/repository-dispatch@v2
-      #   with:
-      #     token: ${{ secrets.GH_CICD_PUBLIC }}
-      #     repository: nuclia/nucliadb_deploy
-      #     event-type: promote
-      #     client-payload: '{"component": "nucliadb_standalone", "chart-version": "${{ steps.version_step.outputs.version_number }}" }'
+      - name: Repository Dispatch
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          token: ${{ secrets.GH_CICD_PUBLIC }}
+          repository: nuclia/nucliadb_deploy
+          event-type: promote
+          client-payload: '{"component": "nucliadb_standalone", "chart-version": "${{ steps.version_step.outputs.helm_version }}" }'
diff --git a/charts/nucliadb/templates/svc.yaml b/charts/nucliadb/templates/svc.yaml
@@ -14,7 +14,14 @@ spec:
     app: nucliadb
   ports:
     - name: http
+{{ if .Values.service }}
+  {{ if .Values.service.http_port }}
+      port: {{ .Values.service.http_port }}
+  {{ else }}
       port: 8080
+  {{ end }}
+{{ end }}
+      targetPort: 8080
       protocol: TCP
       appProtocol: http
     - name: train

diff --git a/charts/nucliadb/values.yaml b/charts/nucliadb/values.yaml
@@ -46,3 +46,8 @@ resources: {}
 storage:
   class: <replace-with-storage-class>
   size: 100Gi
+
+# Service settings
+service:
+# Tune this to have the k8s service expose a different port. By default is 8080
+#   http_port: 80
diff --git a/nucliadb/nucliadb/standalone/app.py b/nucliadb/nucliadb/standalone/app.py
@@ -51,6 +51,32 @@
 logger = logging.getLogger(__name__)
 
 
+HOMEPAGE_HTML = """
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>NucliaDB Standalone Server</title>
+</head>
+<body>
+    <h1>Welcome to NucliaDB Standalone Server</h1>
+    <p> The NucliaDB API is exposed at /api/v1. </p>
+    <br>
+    <h2>Quick Links</h2>
+    <ul>
+        <li><a href="/admin">Admin UI</a></li>
+        <li><a href="https://docs.nuclia.dev/docs/guides/nucliadb/deploy/basics">NucliaDB Deployment Documentation</a></li>
+        <li><a href="https://docs.nuclia.dev/docs/api">API Reference</a></li>
+        <li><a href="/api/v1/docs">API Explorer</a></li>
+        <li><a href="/metrics">Metrics</a></li>
+        <li><a href="https://docs.nuclia.dev/docs/">Nuclia Documentation</a></li>
+    </ul>
+</body>
+</html>
+"""  # noqa: E501
+
+
 def application_factory(settings: Settings) -> FastAPI:
     middleware = [
         Middleware(
@@ -96,7 +122,7 @@ def application_factory(settings: Settings) -> FastAPI:
             extend_openapi(route)
 
     async def homepage(request):
-        return HTMLResponse("NucliaDB Standalone Server")
+        return HTMLResponse(HOMEPAGE_HTML)
 
     # Use raw starlette routes to avoid unnecessary overhead
     application.add_route("/", homepage)

diff --git a/nucliadb/nucliadb/standalone/introspect.py b/nucliadb/nucliadb/standalone/introspect.py
@@ -174,17 +174,25 @@ async def add_settings(temp_dir: str, tar: tarfile.TarFile, settings: Settings):
 
 
 def _add_settings_to_tar(temp_dir: str, tar: tarfile.TarFile, settings: Settings):
-    # Remove sensitive data from settings
-    settings.nua_api_key = None
-    settings.jwk_key = None
-    settings.gcs_base64_creds = None
-    settings.s3_client_secret = None
+    remove_sensitive_settings(settings)
     settings_file = os.path.join(temp_dir, "settings.json")
     with open(settings_file, "w") as f:
         f.write(settings.json(indent=4))
     tar.add(settings_file, arcname="settings.json")
 
 
+def remove_sensitive_settings(settings: Settings):
+    for sensitive_setting in [
+        "nua_api_key",
+        "jwk_key",
+        "gcs_base64_creds",
+        "s3_client_secret",
+        "driver_pg_url",
+    ]:
+        if hasattr(settings, sensitive_setting):
+            setattr(settings, sensitive_setting, "********")
+
+
 async def add_logs(tar):
     loop = asyncio.get_event_loop()
     await loop.run_in_executor(None, _add_logs_to_tar, tar)

diff --git a/nucliadb/nucliadb/standalone/tests/integration/test_introspect.py b/nucliadb/nucliadb/standalone/tests/integration/test_introspect.py
@@ -71,10 +71,15 @@ async def test_introspect_endpoint(nucliadb_manager) -> None:
             os.path.join(extracted_tar, "settings.json")
         )
         # Check that sensitive data is not included
-        assert introspect_settings.nua_api_key is None
-        assert introspect_settings.jwk_key is None
-        assert introspect_settings.gcs_base64_creds is None
-        assert introspect_settings.s3_client_secret is None
+        for sensitive_key in [
+            "nua_api_key",
+            "jwk_key",
+            "gcs_base64_creds",
+            "s3_client_secret",
+            "driver_pg_url",
+        ]:
+            if hasattr(introspect_settings, sensitive_key):
+                assert getattr(introspect_settings, sensitive_key) == "********"
 
         # Check logs
         assert os.path.exists(os.path.join(extracted_tar, "logs/info.log"))

diff --git a/nucliadb/nucliadb/standalone/tests/unit/__init__.py b/nucliadb/nucliadb/standalone/tests/unit/__init__.py
@@ -0,0 +1,18 @@
+# Copyright (C) 2021 Bosutech XXI S.L.
+#
+# nucliadb is offered under the AGPL v3.0 and as commercial software.
+# For commercial licensing, contact us at [email protected].
+#
+# AGPL:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
diff --git a/nucliadb/nucliadb/standalone/tests/unit/test_introspect.py b/nucliadb/nucliadb/standalone/tests/unit/test_introspect.py
@@ -0,0 +1,35 @@
+# Copyright (C) 2021 Bosutech XXI S.L.
+#
+# nucliadb is offered under the AGPL v3.0 and as commercial software.
+# For commercial licensing, contact us at [email protected].
+#
+# AGPL:
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from nucliadb.standalone.introspect import remove_sensitive_settings
+from nucliadb.standalone.settings import Settings
+
+
+def test_remove_sensitive_settings():
+    sensitive = dict(
+        nua_api_key="secret",
+        jwk_key="secret",
+        gcs_base64_creds="secret",
+        s3_client_secret="secret",
+        driver_pg_url="secret",
+    )
+    settings = Settings(**sensitive)
+    remove_sensitive_settings(settings)
+    for key in sensitive:
+        assert getattr(settings, key) == "********"