feat(builder): expose runtime configuration during slugbuilder execution

This uses a new Config API Hook to grab the latest app configuration
and expose it to slugbuilder using `-e` flags.

While this works, it is a very good mechanism for handling user-defined
inputs on the builder.  In other words, command-injection is possible
through malformed inputs.  We must consider this as we move to refactor
the builder in Go.

Author: Gabriel Monroy

builder/templates/builder

@@ -56,12 +56,21 @@ if __name__ == '__main__':
         if rc != 0:
             raise Exception('Could not extract git archive')
         dockerfile = os.path.join(temp_dir, 'Dockerfile')
+        # pull config to be used during build
+        body = {}
+        body['receive_user'], body['receive_repo'] = user, app
+        url = "{{ .deis_controller_protocol }}://{{ .deis_controller_host }}:{{ .deis_controller_port }}/api/hooks/config"
+        headers = {'Content-Type': 'application/json', 'X-Deis-Builder-Auth': '{{ .deis_controller_builderKey }}'}
+        r = requests.post(url, headers=headers, data=json.dumps(body))
+        if r.status_code != 200:
+            raise Exception('Config hook error: {} {}'.format(r.status_code, r.text))
+        config_env = " ".join([ "-e {}='{}'".format(*kv) for kv in json.loads(r.json().get('values', '{}')).items()])
         # some applications do not have a Procfile, so only check for a Dockerfile
         if not os.path.exists(dockerfile):
             if os.path.exists('/buildpacks'):
-                build_cmd = "docker run -i -a stdin -v {cache_dir}:/tmp/cache:rw -v /buildpacks:/tmp/buildpacks deis/slugbuilder".format(**locals())
+                build_cmd = "docker run -i -a stdin {config_env} -v {cache_dir}:/tmp/cache:rw -v /buildpacks:/tmp/buildpacks deis/slugbuilder".format(**locals())
             else:
-                build_cmd = "docker run -i -a stdin -v {cache_dir}:/tmp/cache:rw deis/slugbuilder".format(**locals())
+                build_cmd = "docker run -i -a stdin {config_env} -v {cache_dir}:/tmp/cache:rw deis/slugbuilder".format(**locals())
             # run slugbuilder in the background
             p = subprocess.Popen("git archive master | " + build_cmd, shell=True, cwd=repo_dir, stdout=subprocess.PIPE)
             container = p.stdout.read().strip('\n')

controller/api/tests/test_hooks.py

@@ -118,3 +118,31 @@ def test_build_hook(self):
         self.assertIn('release', response.data)
         self.assertIn('version', response.data['release'])
         self.assertIn('domains', response.data)
+
+    def test_config_hook(self):
+        """Test creating a Config via an API Hook"""
+        url = '/api/apps'
+        body = {'cluster': 'autotest'}
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        app_id = response.data['id']
+        url = '/api/apps/{app_id}/config'.format(**locals())
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, 200)
+        self.assertIn('values', response.data)
+        values = response.data['values']
+        # prepare the config hook
+        config = {'username': 'autotest', 'app': app_id}
+        url = '/api/hooks/config'.format(**locals())
+        body = {'receive_user': 'autotest',
+                'receive_repo': app_id}
+        # post without a session
+        self.assertIsNone(self.client.logout())
+        response = self.client.post(url, json.dumps(body), content_type='application/json')
+        self.assertEqual(response.status_code, 403)
+        # post with the builder auth key
+        response = self.client.post(url, json.dumps(body), content_type='application/json',
+                                    HTTP_X_DEIS_BUILDER_AUTH=settings.BUILDER_KEY)
+        self.assertEqual(response.status_code, 200)
+        self.assertIn('values', response.data)
+        self.assertEqual(values, response.data['values'])

controller/api/urls.py

@@ -165,6 +165,10 @@
 
   Create a new :class:`~api.models.Build`.
 
+.. http:post:: /api/hooks/config/
+
+  Retrieve latest application :class:`~api.models.Config`.
+
 
 Auth
 ====
@@ -279,6 +283,8 @@
         views.PushHookViewSet.as_view({'post': 'create'})),
     url(r'^hooks/build/?',
         views.BuildHookViewSet.as_view({'post': 'create'})),
+    url(r'^hooks/config/?',
+        views.ConfigHookViewSet.as_view({'post': 'create'})),
     # authn / authz
     url(r'^auth/register/?',
         views.UserRegistrationView.as_view({'post': 'create'})),

controller/api/views.py

@@ -512,3 +512,21 @@ def post_save(self, build, created=False):
             release = build.app.release_set.latest()
             new_release = release.new(build.owner, build=build)
             build.app.deploy(new_release)
+
+
+class ConfigHookViewSet(BaseHookViewSet):
+    """API hook to grab latest :class:`~api.models.Config`"""
+
+    model = models.Config
+    serializer_class = serializers.ConfigSerializer
+
+    def create(self, request, *args, **kwargs):
+        app = get_object_or_404(models.App, id=request.DATA['receive_repo'])
+        user = get_object_or_404(
+            User, username=request.DATA['receive_user'])
+        # check the user is authorized for this app
+        if user == app.owner or user in get_users_with_perms(app):
+            config =  app.release_set.latest().config
+            serializer = self.get_serializer(config)
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        raise PermissionDenied()