From 896d176ef803c096ec8d197bb961c7367d862bcb Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 8 Apr 2018 10:17:29 +0300 Subject: Add: worker-manager gets client credenticals via config file --- worker_manager | 37 ++++++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 7 deletions(-) (limited to 'worker_manager') diff --git a/worker_manager b/worker_manager index 6fd556c..1590109 100755 --- a/worker_manager +++ b/worker_manager @@ -35,14 +35,20 @@ class WorkerManager(cliapp.Application): def add_settings(self): self.settings.string( - ['controller'], - 'base URL for the controller', - metavar='URL', + ['client-id'], + 'use ID as the client id when authenticatin to IDP', + metavar='ID', + ) + + self.settings.string( + ['client-secret-cmd'], + 'run CMD to gget the client secret when authentication to IDP', + metavar='CMD', ) self.settings.string( - ['name'], - 'name of this worker', + ['controller'], + 'base URL for the controller', metavar='URL', ) @@ -82,16 +88,20 @@ class WorkerManager(cliapp.Application): raise def main_program(self, args): - self.settings.require('name') + self.settings.require('client-id') + self.settings.require('client-secret-cmd') self.settings.require('controller') - name = self.settings['name'] + name = self.settings['client-id'] url = self.settings['controller'] workspace = self.settings['workspace'] systree = self.settings['systree'] + secret = self.get_client_secret() + api = ControllerAPI(name, url) api.set_verify_tls(self.settings['verify-tls']) + api.set_client_creds(name, secret) worker = Worker(name, api, workspace, systree) logging.info('Worker manager %s starts, controller is %s', name, url) @@ -108,6 +118,12 @@ class WorkerManager(cliapp.Application): secs = self.settings['sleep'] time.sleep(secs) + def get_client_secret(self): + cmd = self.settings['client-secret-cmd'] + output = cliapp.runcmd(['sh', '-c', cmd]) + lines = output.splitlines() + return lines[0].strip() + class ControllerAPI: 
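Review bot: The help text for `client-secret-cmd` in add_settings does not say that CMD is handed to `sh -c` or that only the first line of its output is used, which is what get_client_secret later in this patch does. That makes the config file a place where shell commands are defined, so the help should say so, e.g. `'run CMD via sh -c; the first line of its output is the client secret for the IDP'`. Operators should also keep the file writable only by the account that runs the worker manager. The two new help strings carry typos ("authenticatin", "gget", "when authentication").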
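Review bot: In main_program the secret is fetched once by `self.get_client_secret()` before the API object is built, and get_token in the last hunk hands it to the auth client only when that client is first created, so a rotated secret appears not to be picked up until the process restarts. A comment above the call would record that: `# Secret is read once at startup; restart the worker manager after rotating it.` The `name` setting is dropped in favour of `client-id`, so existing config files that set `name` presumably need updating, which deserves a line in the release notes. main_program continues past the end of this hunk.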
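Review bot: get_client_secret indexes `lines[0]` without checking that the command printed anything, so empty output raises a bare IndexError and a blank first line yields an empty secret that only fails later at the IDP. Guard it before the return: `if not lines or not lines[0].strip():` followed by `raise cliapp.AppException('client-secret-cmd produced no output')`. The error message should name the setting rather than echo CMD or its output, since either may contain the secret. A one-line docstring stating that CMD runs under `sh -c` and that the first output line is the secret would also help.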
@@ -126,13 +142,20 @@ class ControllerAPI: self._cc.set_controller_url(url) self._ac = None self._blobs = None + self._client_id = None + self._client_secret = None def set_verify_tls(self, verify): self._cc.set_verify_tls(verify) + def set_client_creds(self, client_id, client_secret): + self._client_id = client_id + self._client_secret = client_secret + def get_token(self): if self._ac is None: self._ac = self._cc.get_auth_client() + self._ac.set_client_creds(self._client_id, self._client_secret) return self._ac.get_token(self._scopes) def register(self): -- cgit v1.2.1
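Review bot: get_token passes `self._client_id` and `self._client_secret` to the auth client even when set_client_creds was never called, so both are None and the failure would surface later as an authentication error rather than at the call site. A check at the top of get_token, `if self._client_id is None or self._client_secret is None: raise RuntimeError('client credentials not set')`, makes the misuse obvious. Indentation is lost in this rendering, so it is unclear whether the added `self._ac.set_client_creds(...)` call sits inside the `if self._ac is None:` block; it should, so the credentials are set once per auth client. The enclosing `__init__` begins outside the hunk.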