{"id":20314475,"url":"https://github.com/release-engineering/ubi-manifest","last_synced_at":"2025-04-11T17:17:09.696Z","repository":{"id":37933918,"uuid":"436641331","full_name":"release-engineering/ubi-manifest","owner":"release-engineering","description":null,"archived":false,"fork":false,"pushed_at":"2024-10-29T10:17:14.000Z","size":1201,"stargazers_count":1,"open_issues_count":3,"forks_count":8,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-29T12:18:31.981Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/release-engineering.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-12-09T14:12:03.000Z","updated_at":"2024-10-29T10:16:27.000Z","dependencies_parsed_at":"2023-01-20T23:15:49.084Z","dependency_job_id":"8669dc45-598b-4402-aba5-ef0bcb58c903","html_url":"https://github.com/release-engineering/ubi-manifest","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-engineering%2Fubi-manifest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-engineering%2Fubi-manifest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-engineering%2Fubi-manifest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/release-engineering%2Fubi-manifest/manifests","owner_url":"https://repo
s.ecosyste.ms/api/v1/hosts/GitHub/owners/release-engineering","download_url":"https://codeload.github.com/release-engineering/ubi-manifest/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248447600,"owners_count":21105140,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T18:15:32.454Z","updated_at":"2025-04-11T17:17:09.678Z","avatar_url":"https://github.com/release-engineering.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# **ubi-manifest**\n[![Build Status](https://github.com/release-engineering/ubi-manifest/actions/workflows/tox-test.yml/badge.svg)](https://github.com/release-engineering/ubi-manifest/actions/workflows/tox-test.yml)\n[![codecov](https://codecov.io/gh/release-engineering/ubi-manifest/branch/master/graph/badge.svg?token=EILYTN2NON)](https://codecov.io/gh/release-engineering/ubi-manifest)\n[![Source](https://badgen.net/badge/icon/source?icon=github\u0026label)](https://github.com/release-engineering/ubi-manifest/)\n[![Documentation](https://img.shields.io/website?label=docs\u0026url=https%3A%2F%2Frelease-engineering.github.io%2Fubi-manifest%2F)](https://release-engineering.github.io/ubi-manifest/)\n\nA Flask-based service used by [release-engineering](https://github.com/release-engineering) for resolving manifests of ubi content.\n\n- [Documentation](https://release-engineering.github.io/ubi-manifest/)\n \nInstallation\n------------\nTODO - implementation in progress\n\nDevelopment\n-----------\nPatches may be contributed via 
pull requests to\nhttps://github.com/release-engineering/ubi-manifest.\n\nAll changes must pass the automated test suite, along with various static\nchecks.\n\nThe [Black](https://black.readthedocs.io/) code style is enforced.\nEnabling autoformatting via a pre-commit hook is recommended:\n\n```\npip install -r requirements-dev.txt\npre-commit install\n```\n\nDev-env setup:\n--------------\n\nFor running ubi-manifest related containers one can use the provided docker-compose file.\nFor celery tasks to run successfully, the config file ./conf/app.conf must be updated\nwith credentials for pulp and for the gitlab repository holding the ubi-config files.\nThere are certs prepared in ./conf/certs/ for accessing dependent services.\nIf any different certs are required, copy them to that directory.\n\nThen podman-compose can be used for building and running the service:\n```\npodman-compose build\npodman-compose up -d\n```\nThe service should be available at 127.0.0.1:8000.\n\nFor removing containers:\n```\npodman-compose down\n```\n\n### Spoofing authentication\n\nThe ubi-manifest service uses a reverse proxy provided by [platform-sidecar](https://gitlab.corp.redhat.com/it-platform/platform-sidecar), which adds\na special `X-RhApiPlatform-CallContext` header to all incoming requests. 
This header contains a\nbase64-encoded form of the following JSON object:\n```\n{\n  \"client\": {\n    \"roles\": [\"someRole\", \"anotherRole\"],\n    \"authenticated\": true,\n    \"serviceAccountId\": \"clientappname\"\n  },\n  \"user\": {\n    \"roles\": [\"reader\"],\n    \"authenticated\": true,\n    \"internalUsername\": \"someuser\"\n  }\n}\n```\nThe `roles` and `authenticated` fields influence whether a request will be permitted.\n\nCurrently ubi-manifest uses two roles:\n- **creator** - submitting requests for manifest creation\n- **reader** - retrieving created manifests and task states\n\nRoles are assigned to users/services according to the current LDAP groups.\n\nHowever, when running the service as described above, there is no platform sidecar available to\nhandle the authentication and authorization. Therefore, during development, arbitrary values for\nthe `X-RhApiPlatform-CallContext` header can be used to provide the required auth information.\nDue to the format of this header, generating these values by hand can be cumbersome.\n\nTo assist with this, a helper script is provided in the ubi-manifest repo at `scripts/call-context`.\nThis script accepts any number of role names as arguments and produces a header value which will\nproduce an authenticated \u0026 authorized request using those roles.\n\nFor example, if we want to use curl to make a request to an endpoint which requires a `creator`\nrole, we can use the following command:\n```\n   curl \\\n     -v -X POST --json '{\"repo_ids\": [\"some_repo1\", \"some_repo2\"]}' \\\n     -H \"X-RhApiPlatform-CallContext: $(scripts/call-context creator)\" \\\n     http://127.0.0.1:8000/api/v1/manifest\n```\n\nLicense\n-------\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later 
version.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frelease-engineering%2Fubi-manifest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frelease-engineering%2Fubi-manifest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frelease-engineering%2Fubi-manifest/lists"}