From b315ac5659315b3132dd9ba36ad0743e32f2d4d2 Mon Sep 17 00:00:00 2001 From: Michael Kelly Date: Tue, 19 May 2015 13:51:48 -0700 Subject: [PATCH] Remove Git-specific auth and use local keys for Docker. Removes the git-specific username/password authentication and instead assumes that SSH keys will already be set up for git/svn/hg to use. Modifies the docker container to mount the user's SSH keys into the container so that the VCS sync management commands run using the user's local keys. This isn't a significant change in security mainly because previously the user's local keys were being used anyway since the app was run locally instead of being run in a container. --- docker-compose.yml | 1 + pontoon/administration/vcs.py | 19 +------------------ pontoon/settings/base.py | 4 ---- 3 files changed, 2 insertions(+), 22 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 2f83d3cceb..9a32e98cfe 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,6 +9,7 @@ web: - "8000:8000" volumes: - .:/pontoon + - ~/.ssh:/root/.ssh:ro links: - db dns: diff --git a/pontoon/administration/vcs.py b/pontoon/administration/vcs.py index f16c5d9777..0fd96cf6bc 100644 --- a/pontoon/administration/vcs.py +++ b/pontoon/administration/vcs.py @@ -1,12 +1,8 @@ # -*- coding: utf8 -*- from __future__ import absolute_import -import base64 import logging import os import subprocess -import urlparse - -from django.conf import settings log = logging.getLogger('pontoon') @@ -144,12 +140,6 @@ class CommitToGit(CommitToRepository): def commit(self, path=None, message=None, user=None): log.debug("Git: Commit to repository.") - # Bail early if we lack credentials. - if not settings.GIT_USERNAME or not settings.GIT_PASSWORD: - raise CommitToRepositoryException( - 'GIT_USERNAME and GIT_PASSWORD settings are not defined and ' - 'are required for committing to git repositories.') - path = path or self.path message = message or self.message user = user or self.user 
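Review bot: The added volume `- ~/.ssh:/root/.ssh:ro` in docker-compose.yml exposes the developer's entire SSH directory (every private key, `config` and `known_hosts`) to the `web` container, which also publishes port 8000, so anything that gains code execution in the app can read keys that have nothing to do with Pontoon. The `:ro` flag prevents modification but not reading. Consider mounting one dedicated deploy key plus a `known_hosts` file instead, for example `- <path-to-deploy-key-dir>:/root/.ssh:ro` (placeholder path), or forwarding the host's ssh-agent socket so private key material never enters the container. With a read-only mount ssh also cannot record new host keys, so the VCS hosts need to be in `known_hosts` beforehand rather than being accepted by turning host key checking off.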
@@ -168,15 +158,8 @@ def commit(self, path=None, message=None, user=None): if code != 0 and len(error): raise CommitToRepositoryException(unicode(error)) - # Add auth credentials to URL for push. - url_parts = urlparse.urlparse(self.url) - netloc = '{username}:{password}@{netloc}'.format( - username=settings.GIT_USERNAME, password=settings.GIT_PASSWORD, - netloc=url_parts.netloc) - url = url_parts._replace(netloc=netloc).geturl() - # Push - push = ["git", "push", url] + push = ["git", "push", self.url] code, output, error = execute(push, path) if code != 0: raise CommitToRepositoryException(unicode(error)) diff --git a/pontoon/settings/base.py b/pontoon/settings/base.py index 095cf04307..aac1ca7525 100644 --- a/pontoon/settings/base.py +++ b/pontoon/settings/base.py @@ -63,10 +63,6 @@ def path(*args): # Raygun.io API Key RAYGUN4PY_API_KEY = os.environ.get('RAYGUN_APIKEY', '') -# Git(hub) Credentials -GIT_USERNAME = os.environ.get('GIT_USERNAME', '') -GIT_PASSWORD = os.environ.get('GIT_PASSWORD', '') - # Email settings EMAIL_HOST_USER = os.environ.get('SENDGRID_USERNAME', '') EMAIL_HOST = 'smtp.sendgrid.net'
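Review bot: `push = ["git", "push", self.url]` now relies entirely on whatever credentials the process finds in its environment, and the early `CommitToRepositoryException` that told the operator what was missing is removed with nothing in its place. For an `https://` remote without a credential helper, git will fail with a generic error or may wait on a prompt, depending on how `execute` (outside this hunk) wires stdin; running the push with `GIT_TERMINAL_PROMPT=0` in its environment would make it fail fast. If the repository URL can be edited through project settings, putting it after an end-of-options marker, `push = ["git", "push", "--", self.url]`, would also keep a value starting with `-` from being parsed as an option. The body of `commit` begins outside this hunk.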