From a132b1544a0d8688091068563bc6a15a7c22a83b Mon Sep 17 00:00:00 2001
From: Evgeniy Alekseev <i@arcanis.me>
Date: Thu, 31 Mar 2022 03:25:53 +0300
Subject: [PATCH] create user in docker container

also fix user reading and add nocolor flag by default
---
 Dockerfile                                    |  1 +
 docker/entrypoint.sh                          | 11 ++++++++--
 package/share/ahriman/settings/ahriman.ini    |  2 +-
 src/ahriman/application/ahriman.py            |  4 ++--
 src/ahriman/application/handlers/user.py      | 21 ++++++++++---------
 .../application/handlers/test_handler_help.py |  7 +++++++
 .../application/handlers/test_handler_user.py |  9 +++-----
 tests/ahriman/application/test_ahriman.py     |  3 ---
 8 files changed, 34 insertions(+), 24 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index c69a7a68..14ff1aab 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,7 @@
 FROM archlinux:base-devel
 
 # image configuration
+ENV AHRIMAN_API_USER=""
 ENV AHRIMAN_ARCHITECTURE="x86_64"
 ENV AHRIMAN_DEBUG=""
 ENV AHRIMAN_FORCE_ROOT=""
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 2e838ec8..ff571f92 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -9,12 +9,12 @@ sed -i "s|database = /var/lib/ahriman/ahriman.db|database = $AHRIMAN_REPOSITORY_
 sed -i "s|host = 127.0.0.1|host = $AHRIMAN_HOST|g" "/etc/ahriman.ini"
 sed -i "s|handlers = syslog_handler|handlers = ${AHRIMAN_OUTPUT}_handler|g" "/etc/ahriman.ini.d/logging.ini"
 
-AHRIMAN_DEFAULT_ARGS=("-a" "$AHRIMAN_ARCHITECTURE")
+AHRIMAN_DEFAULT_ARGS=("--architecture" "$AHRIMAN_ARCHITECTURE")
 if [[ "$AHRIMAN_OUTPUT" == "syslog" ]]; then
     if [ ! -e "/dev/log" ]; then
         # by default ahriman uses syslog which is not available inside container
         # to make noise less we force quiet mode in case if /dev/log was not mounted
-        AHRIMAN_DEFAULT_ARGS+=("-q")
+        AHRIMAN_DEFAULT_ARGS+=("--quiet")
     fi
 fi
 
@@ -31,6 +31,13 @@ if [ -n "$AHRIMAN_PORT" ]; then
     AHRIMAN_SETUP_ARGS+=("--web-port" "$AHRIMAN_PORT")
 fi
 ahriman "${AHRIMAN_DEFAULT_ARGS[@]}" repo-setup "${AHRIMAN_SETUP_ARGS[@]}"
+# add user for api if set
+if [ -n "$AHRIMAN_API_USER" ]; then
+    # python getpass does not read from stdin
+    # see thread https://mail.python.org/pipermail/python-dev/2008-February/077235.html
+    # WARNING with debug mode password will be put to stdout
+    ahriman "${AHRIMAN_DEFAULT_ARGS[@]}" user-add --as-service --role write --secure "$AHRIMAN_API_USER" -p "$(openssl rand -base64 20)"
+fi
 
 # refresh database
 runuser -u build -- yay --noconfirm -Syy &> /dev/null
diff --git a/package/share/ahriman/settings/ahriman.ini b/package/share/ahriman/settings/ahriman.ini
index 2ce40b5f..4a87d835 100644
--- a/package/share/ahriman/settings/ahriman.ini
+++ b/package/share/ahriman/settings/ahriman.ini
@@ -21,7 +21,7 @@ archbuild_flags =
 build_command = extra-x86_64-build
 ignore_packages =
 makechrootpkg_flags =
-makepkg_flags =
+makepkg_flags = --nocolor
 
 [repository]
 name = aur-clone
diff --git a/src/ahriman/application/ahriman.py b/src/ahriman/application/ahriman.py
index 0ea32a7f..ab69d1ab 100644
--- a/src/ahriman/application/ahriman.py
+++ b/src/ahriman/application/ahriman.py
@@ -526,7 +526,7 @@ def _set_user_list_parser(root: SubParserAction) -> argparse.ArgumentParser:
     parser.add_argument("username", help="filter users by username", nargs="?")
     parser.add_argument("-r", "--role", help="filter users by role", type=UserAccess, choices=UserAccess)
     parser.set_defaults(handler=handlers.User, action=Action.List, architecture=[""], lock=None, no_report=True,  # nosec
-                        password="", quiet=True, role=UserAccess.Read, unsafe=True)
+                        password="", quiet=True, unsafe=True)
     return parser
 
 
@@ -542,7 +542,7 @@ def _set_user_remove_parser(root: SubParserAction) -> argparse.ArgumentParser:
     parser.add_argument("username", help="username for web service")
     parser.add_argument("-s", "--secure", help="set file permissions to user-only", action="store_true")
     parser.set_defaults(handler=handlers.User, action=Action.Remove, architecture=[""], lock=None, no_report=True,  # nosec
-                        password="", quiet=True, role=UserAccess.Read, unsafe=True)
+                        password="", quiet=True, unsafe=True)
     return parser
 
 
diff --git a/src/ahriman/application/handlers/user.py b/src/ahriman/application/handlers/user.py
index 6627f824..ac684450 100644
--- a/src/ahriman/application/handlers/user.py
+++ b/src/ahriman/application/handlers/user.py
@@ -49,20 +49,21 @@ class User(Handler):
         :param no_report: force disable reporting
         :param unsafe: if set no user check will be performed before path creation
         """
-        salt = User.get_salt(configuration)
-        user = User.user_create(args)
-
-        auth_configuration = User.configuration_get(configuration.include)
         database = SQLite.load(configuration)
 
-        if args.action == Action.List:
-            for found_user in database.user_list(user.username, user.access):
-                UserPrinter(found_user).print(verbose=True)
-        elif args.action == Action.Remove:
-            database.user_remove(user.username)
-        elif args.action == Action.Update:
+        if args.action == Action.Update:
+            salt = User.get_salt(configuration)
+            user = User.user_create(args)
+
+            auth_configuration = User.configuration_get(configuration.include)
+
             User.configuration_create(auth_configuration, user, salt, args.as_service, args.secure)
             database.user_update(user.hash_password(salt))
+        elif args.action == Action.List:
+            for found_user in database.user_list(args.username, args.access):
+                UserPrinter(found_user).print(verbose=True)
+        elif args.action == Action.Remove:
+            database.user_remove(args.username)
 
     @staticmethod
     def configuration_create(configuration: Configuration, user: MUser, salt: str,
diff --git a/tests/ahriman/application/handlers/test_handler_help.py b/tests/ahriman/application/handlers/test_handler_help.py
index 6a79db36..69150c0e 100644
--- a/tests/ahriman/application/handlers/test_handler_help.py
+++ b/tests/ahriman/application/handlers/test_handler_help.py
@@ -39,3 +39,10 @@ def test_run_command(args: argparse.Namespace, configuration: Configuration, moc
 
     Help.run(args, "x86_64", configuration, True, False)
     parse_mock.assert_called_once_with(["aur-search", "--help"])
+
+
+def test_disallow_auto_architecture_run() -> None:
+    """
+    must not allow multi architecture run
+    """
+    assert not Help.ALLOW_AUTO_ARCHITECTURE_RUN
diff --git a/tests/ahriman/application/handlers/test_handler_user.py b/tests/ahriman/application/handlers/test_handler_user.py
index 178a35ba..90c47fdc 100644
--- a/tests/ahriman/application/handlers/test_handler_user.py
+++ b/tests/ahriman/application/handlers/test_handler_user.py
@@ -54,17 +54,16 @@ def test_run(args: argparse.Namespace, configuration: Configuration, database: S
 def test_run_list(args: argparse.Namespace, configuration: Configuration, database: SQLite, user: User,
                   mocker: MockerFixture) -> None:
     """
-    must list avaiable users
+    must list available users
     """
     args = _default_args(args)
     args.action = Action.List
+    args.access = None
     mocker.patch("ahriman.core.database.sqlite.SQLite.load", return_value=database)
-    get_auth_configuration_mock = mocker.patch("ahriman.application.handlers.User.configuration_get")
     list_mock = mocker.patch("ahriman.core.database.sqlite.SQLite.user_list", return_value=[user])
 
     User.run(args, "x86_64", configuration, True, False)
-    get_auth_configuration_mock.assert_called_once_with(configuration.include)
-    list_mock.assert_called_once_with("user", UserAccess.Read)
+    list_mock.assert_called_once_with("user", None)
 
 
 def test_run_remove(args: argparse.Namespace, configuration: Configuration, database: SQLite,
@@ -75,11 +74,9 @@ def test_run_remove(args: argparse.Namespace, configuration: Configuration, data
     args = _default_args(args)
     args.action = Action.Remove
     mocker.patch("ahriman.core.database.sqlite.SQLite.load", return_value=database)
-    get_auth_configuration_mock = mocker.patch("ahriman.application.handlers.User.configuration_get")
     remove_mock = mocker.patch("ahriman.core.database.sqlite.SQLite.user_remove")
 
     User.run(args, "x86_64", configuration, True, False)
-    get_auth_configuration_mock.assert_called_once_with(configuration.include)
     remove_mock.assert_called_once_with(args.username)
 
 
diff --git a/tests/ahriman/application/test_ahriman.py b/tests/ahriman/application/test_ahriman.py
index 54e156d2..7708950f 100644
--- a/tests/ahriman/application/test_ahriman.py
+++ b/tests/ahriman/application/test_ahriman.py
@@ -485,8 +485,6 @@ def test_subparsers_user_list_option_role(parser: argparse.ArgumentParser) -> No
     """
     user-list command must convert role option to useraccess instance
     """
-    args = parser.parse_args(["user-list"])
-    assert isinstance(args.role, UserAccess)
     args = parser.parse_args(["user-list", "--role", "write"])
     assert isinstance(args.role, UserAccess)
 
@@ -502,7 +500,6 @@ def test_subparsers_user_remove(parser: argparse.ArgumentParser) -> None:
     assert args.no_report
     assert args.password is not None
     assert args.quiet
-    assert args.role is not None
     assert args.unsafe