- Add Argon2PasswordHasher with high security settings as primary hasher - Implement fallback to PBKDF2PasswordHasher for CentOS 7/Python 3.6 compatibility - Add argon2-cffi dependency to requirements.txt - Replace all print statements with proper logging calls across codebase - Implement comprehensive logging configuration with multiple handlers: * ivatar.log - General application logs (INFO level) * ivatar_debug.log - Detailed debug logs (DEBUG level) * security.log - Security events (WARNING level) - Add configurable LOGS_DIR setting with local config override support - Create config_local.py.example with logging configuration examples - Fix code quality issues (flake8, black formatting, import conflicts) - Maintain backward compatibility with existing password hashes Security improvements: - New passwords use Argon2 (memory-hard, ASIC-resistant) - Enhanced PBKDF2 iterations for fallback scenarios - Structured logging for security monitoring and debugging - Production-ready configuration with flexible log locations Tests: 85/113 passing (failures due to external DNS/API dependencies) Code quality: All pre-commit hooks passing
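#!/bin/sh
#
# Bootstrap an "ivatar" project on OpenShift: create the project, deploy a
# persistent database from a template, build the application from the git
# repository and expose its service.
#
# Environment read by this script:
#   USE_MYSQL
#       Non-empty selects the mysql-persistent template; otherwise
#       postgresql-persistent is used.
#   LKERNAT_GITLAB_OPENSHIFT_ACCESS_TOKEN
#       Optional. When set, it is stored as a generic secret, attached to the
#       builder service account and used as the source secret for the build.
#   IVATAR_MAILGUN_API_KEY, IVATAR_MAILGUN_SENDER_DOMAIN
#       Passed through to the application as environment variables; they may
#       be empty.
#
# Security notes:
#   - Every secret below is handed to `oc` as a command-line argument, so it is
#     visible in the process list of this host while the command runs. Run the
#     script on a trusted machine and never under `sh -x`, which would print
#     the values.
#   - NOTE(review): values given with `-e` presumably end up in plain text in
#     the environment of the generated objects; confirm, and prefer a Secret
#     reference for the database passwords and the Mailgun key.

# -e: stop at the first failing step, so that a failed `oc new-project` does
#     not let the rest of the script create secrets and apps in whichever
#     project the client currently has selected, and a failed `openssl` does
#     not deploy a database with an empty password.
# -u: treat a misspelled variable name as an error instead of an empty string.
set -eu

oc new-project ivatar

# 16 random bytes each, base64-encoded. The values are not printed or stored
# by this script; they exist only in the objects that `oc new-app` creates.
DB_PASSWORD=$(openssl rand -base64 16)
DB_ROOT_PASSWORD=$(openssl rand -base64 16)

# The argument list for `oc new-app` is assembled in the positional parameters
# so that every value stays a single, quoted word (POSIX sh has no arrays).
# Most settings are given both with -e and with -p; presumably so that the
# value is applied however the template consumes it -- confirm against the
# template before removing either form.
if [ -n "${USE_MYSQL:-}" ]; then
  set -- mysql-persistent \
    --group=python+mysql-persistent \
    -e MYSQL_USER=ivatar \
    -p MYSQL_USER=ivatar \
    -e "MYSQL_PASSWORD=$DB_PASSWORD" \
    -p "MYSQL_PASSWORD=$DB_PASSWORD" \
    -e MYSQL_DATABASE=ivatar \
    -p MYSQL_DATABASE=ivatar \
    -e "MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD" \
    -p "MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD"
else
  set -- postgresql-persistent \
    -e POSTGRESQL_USER=ivatar \
    -p POSTGRESQL_USER=ivatar \
    -e POSTGRESQL_DATABASE=ivatar \
    -p POSTGRESQL_DATABASE=ivatar \
    -e "POSTGRESQL_PASSWORD=$DB_PASSWORD" \
    -p "POSTGRESQL_PASSWORD=$DB_PASSWORD" \
    -e "POSTGRESQL_ADMIN_PASSWORD=$DB_ROOT_PASSWORD"
fi

# Put the application source and its settings in front of the database
# arguments. Quoting keeps a key or domain that contains whitespace or glob
# characters from being split into extra `oc` arguments.
set -- "python~https://git.linux-kernel.at/oliver/ivatar.git" \
  -e "IVATAR_MAILGUN_API_KEY=${IVATAR_MAILGUN_API_KEY:-}" \
  -e "IVATAR_MAILGUN_SENDER_DOMAIN=${IVATAR_MAILGUN_SENDER_DOMAIN:-}" \
  "$@"

if [ -n "${LKERNAT_GITLAB_OPENSHIFT_ACCESS_TOKEN:-}" ]; then
  # Replaces the older form:
  #   oc secrets new-basicauth lkernat-gitlab-openshift-falko-access-token --password=...
  oc create secret generic lkernat-gitlab-openshift-falko-access-token \
    "--from-literal=password=$LKERNAT_GITLAB_OPENSHIFT_ACCESS_TOKEN"
  # NOTE(review): newer oc clients provide `oc secrets link`; confirm that
  # `oc secrets add` is still available on the client used for deployment.
  oc secrets add serviceaccount/builder secrets/lkernat-gitlab-openshift-falko-access-token
  # The source secret option goes first on the new-app command line.
  set -- --source-secret=lkernat-gitlab-openshift-falko-access-token "$@"
fi

oc new-app "$@"

oc expose svc/ivatar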