Accessing protected blueprint-archive for example using basic auth, API key or other (like S3 bucket) #142
Description
As you know you can use a deployment proxy plugin to download and execute an additional blueprint package (ZIP) from for example from Github or any other unauthenticated source. In our case (security measures) we want to use GitLab. But in this case we need to add authentication to the response = requests.get(url, stream=True) line of code in the utils.py (code of deployment proxy). The requests library supports adding these headers.
aws:
type: cloudify.nodes.DeploymentProxy
properties:
resource_config:
blueprint:
id: { get_input: network_deployment_name }
blueprint_archive: https://github.com/cloudify-examples/aws-example-network/archive/master.zip
# API key
**blueprint_archive_apikey: { get_secret: blueprint_archive_apikey }
# or basic auth
blueprint_archive_username: { get_secret: blueprint_archive_username }
blueprint_archive_password: { get_secret: blueprint_archive_password }**
main_file_name: simple-blueprint.yaml
external_resource: { get_input: use_existing_network_deployment }
deployment:
id: { get_input: network_deployment_name }
outputs:
vpc_id: vpc_id
public_subnet_id: public_subnet_id
private_subnet_id: private_subnet_id
ec2_region_name: ec2_region_name
ec2_region_endpoint: ec2_region_endpoint
availability_zone: availability_zone
external_resource: { get_input: use_existing_network_deployment }
reexecute: false
Can this be seen as a enhancement request to the deployment proxy to support protected blueprint archive URLs ? Like using an API key ? and adding this as a attribute that we can fill-in with a secret.
Metadata
Metadata
Assignees
Labels
No labels