xactfetch

dustin

Go to file

Dustin ddee93c8e4 Import CSV files via HTTP importer Since I ulimately want to run `xactfetch` in Kubernetes, running the importer in a container as a child process doesn't make much sense. While running `podman` in a Kubernetes container is possible, getting it to work is non trivial. Rather than go through all that effort, I think it makes more sense to just use HTTP to communicate with the importer I already have running. I had originally chosen not to use the web importer because of how I have it configured to use Authelia for authentication. The importer itself does not have any authentication beyond the "secret" parameter (which is not secret at all, given that it is passed in the query string and thus visible to anyone and stored in access logs), so I was hesitant to add an access control rule to bypass authentication for the `/autoupload` path. Fortunately, I discovered that Authelia will use the value of the `Proxy-Authorization` header to authenticate the request without redirecting to the login screen. With just a couple of lines in the Ingress configuration, I got it to work using the regular `Authorization` header as well: ```yaml kind: Ingress metadata: annotations: nginx.ingress.kubernetes.io/auth-snippet: \| proxy_set_header Proxy-Authorization $http_authorization; proxy_set_header X-Forwarded-Method $request_method; nginx.ingress.kubernetes.io/configuration-snippet: \| proxy_set_header Authorization ""; ```	2023-12-12 08:09:40 -06:00
.gitignore	Initial commit	2023-05-09 14:08:23 -05:00
pyproject.toml	Initial commit	2023-05-09 14:08:23 -05:00
xactfetch.py	Import CSV files via HTTP importer	2023-12-12 08:09:40 -06:00

Dustin ddee93c8e4 Import CSV files via HTTP importer

Since I ulimately want to run `xactfetch` in Kubernetes, running the
importer in a container as a child process doesn't make much sense.
While running `podman` in a Kubernetes container is possible, getting it
to work is non trivial.  Rather than go through all that effort, I think
it makes more sense to just use HTTP to communicate with the importer I
already have running.

I had originally chosen not to use the web importer because of how I
have it configured to use Authelia for authentication.  The importer
itself does not have any authentication beyond the "secret" parameter
(which is not secret at all, given that it is passed in the query string
and thus visible to anyone and stored in access logs), so I was hesitant
to add an access control rule to bypass authentication for the
`/autoupload` path.  Fortunately, I discovered that Authelia will use
the value of the `Proxy-Authorization` header to authenticate the
request without redirecting to the login screen.  With just a couple of
lines in the Ingress configuration, I got it to work using the regular
`Authorization` header as well:

```yaml
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header Proxy-Authorization $http_authorization;
      proxy_set_header X-Forwarded-Method $request_method;
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header Authorization "";
```

2023-12-12 08:09:40 -06:00

.gitignore

Initial commit

2023-05-09 14:08:23 -05:00

pyproject.toml

Initial commit

2023-05-09 14:08:23 -05:00

xactfetch.py

Import CSV files via HTTP importer

2023-12-12 08:09:40 -06:00