jowrjowr · February 15, 2019 00:25
diff --git a/update_r10k.py b/update_r10k.py
 import subprocess                                                                                                                                                                                           
 import logging                                                                                                                                                                                              
 from systemd import journal                                                                                                                                                                                 
 from flask import Flask, jsonify, request
 app = Flask(__name__)

 @app.route('/update_r10k', methods=['GET', 'POST'])
 def update_r10k():

    # constants
    r10k_bin = '/usr/local/bin/r10k'
    r10k_conf = '/etc/puppetlabs/r10k/r10k.yaml'

    token = 'token'
    timeout = 10
    log_lvl = logging.DEBUG

    # setup logging

    logging.basicConfig(level=log_lvl)
    logger = logging.getLogger()
    logger.addHandler(journal.JournalHandler())

    remote_ip = request.environ['REMOTE_ADDR']

    # token checking is functionally a password as an additional layer of security

    if request.args.get('token') != token:
        response = { 'error': 'invalid or missing token' }
        logger.info('hook update from {} missing or invalid token'.format(remote_ip))
        return jsonify(response), 403

    # run the r10k update

    try:
        result = subprocess.run(args=[r10k_bin, 'deploy', 'environment', '-p', '-c', r10k_conf], timeout=timeout, shell=False, check=True)
        logger.info('hook update from {} successful'.format(remote_ip))
        return('', 204)
    except subprocess.CalledProcessError as err:
        logger.error('hook update from {0} failed: {1}'.format(remote_ip, err))
        return('', 500)
    except subprocess.TimeoutExpired:
        logger.error('hook update from {0} failed: timeout ({1}) expired'.format(remote_ip, timeout))
        return('', 504)

 if __name__ == '__main__':
    app.run()
	import subprocess
	import logging
	from systemd import journal
	from flask import Flask, jsonify, request
	app = Flask(__name__)

	@app.route('/update_r10k', methods=['GET', 'POST'])
	def update_r10k():

	# constants
	r10k_bin = '/usr/local/bin/r10k'
	r10k_conf = '/etc/puppetlabs/r10k/r10k.yaml'

	token = 'token'
	timeout = 10
	log_lvl = logging.DEBUG

	# setup logging

	logging.basicConfig(level=log_lvl)
	logger = logging.getLogger()
	logger.addHandler(journal.JournalHandler())

	remote_ip = request.environ['REMOTE_ADDR']

	# token checking is functionally a password as an additional layer of security

	if request.args.get('token') != token:
	response = { 'error': 'invalid or missing token' }
	logger.info('hook update from {} missing or invalid token'.format(remote_ip))
	return jsonify(response), 403

	# run the r10k update

	try:
	result = subprocess.run(args=[r10k_bin, 'deploy', 'environment', '-p', '-c', r10k_conf], timeout=timeout, shell=False, check=True)
	logger.info('hook update from {} successful'.format(remote_ip))
	return('', 204)
	except subprocess.CalledProcessError as err:
	logger.error('hook update from {0} failed: {1}'.format(remote_ip, err))
	return('', 500)
	except subprocess.TimeoutExpired:
	logger.error('hook update from {0} failed: timeout ({1}) expired'.format(remote_ip, timeout))
	return('', 504)

	if __name__ == '__main__':
	app.run()