update dashboard to use remote image

global/overlay/etc/puppet/cosmos-rules.yaml

@@ -35,7 +35,7 @@
     satosa_certbot: false
     proxy: 'https://test-sso-proxy1.cert.sunet.se/idp'
     entity_id: 'https://test-sso-proxy.cert.sunet.se/idp'
-#  soc::vuln_dashboard:
+  soc::vuln_dashboard:
 
 '^internal-sto3-dev-ci-1.cert.sunet.se$':
   sunet::dockerhost2:

global/overlay/etc/puppet/modules/soc/manifests/vuln_dashboard.pp

@@ -1,19 +1,24 @@
 class soc::vuln_dashboard(
-  String            $allowed_hosts    = $facts['networking']['fqdn'],
+  String            $allowed_origins    = $facts['networking']['fqdn'],
   String            $docker_tag       = 'latest',
   String            $db_datadir       = '/opt/vuln-dashboard/dbdata',
   String            $pocs_storage_dir = '/opt/vuln-dashboard/pocsdata',
   String            $sso_service_name = 'dashboard-dev',
+  String            $admin_contact    = 'cert@cert.sunet.se',
+  String            $docker_image     = 'platform.sunet.se/verglasz/vuln-management/dashboard-dev',
+  String            $sso_proxy_network= 'sso',
 ) {
 
-$db_name=lookup('vuln-dashboard.dn_name', undef, undef, 'sunet')
+$db_name=lookup('vuln-dashboard.dn_name', undef, undef, 'vuln_dashboard')
-$db_user=lookup('vuln-dashboard.db_user', undef, undef, 'playground')
+$db_user=lookup('vuln-dashboard.db_user', undef, undef, 'dashboard_app')
 $db_pass=lookup('vuln-dashboard.db_pass', undef, undef, 'password')
 $db_port=lookup('vuln-dashbaord.db_port', undef, undef, '5432')
 $db_host=lookup('vuln-dashboard.db_host', undef, undef, 'postgres')
 $censys_api_secret=lookup('vuln-dashboard.censys_api_secret', undef, undef, 'null')
 $censys_api_id=lookup('vuln-dashboard.censys.api_id', undef, undef, 'null')
 
+$app_config_file='/opt/vuln-dashboard/app-config.yaml'
+
 file {
   '/opt/vuln-dashboard':
     ensure => directory,
@@ -24,6 +29,12 @@ file {
   $pocs_storage_dir:
     ensure => directory,
     ;
+  $app_config_file:
+	ensure => file,
+	mode => '0600',
+	content => template('soc/vuln-dashboard/app-config.yaml.erb'),
+	;
+
 }
 
 sunet::docker_compose { 'vuln-dashboard':

global/overlay/etc/puppet/modules/soc/templates/vuln-dashboard/app-config.yaml.erb

@@ -0,0 +1,39 @@
+config:
+  poc_dir: "<%= @pocs_storage_dir %>"
+  admin_contact: "<%= @admin_contact %>"
+  asn_list:
+    - 1653
+    - 2831
+    - 2832
+    - 2833
+    - 2834
+    - 2835
+    - 2837
+    - 2838
+    - 2839
+    - 2840
+    - 2841
+    - 2842
+    - 2843
+    - 2844
+    - 2845
+    - 2846
+    - 3224
+    - 5601
+    - 8748
+    - 8973
+    - 9088
+    - 12384
+    - 15980
+    - 16251
+    - 25072
+    - 39590
+    - 41001
+    - 42307
+    - 42381
+    - 43018
+    - 43665
+    - 43844
+    - 48514
+    - 61282
+    - 207113

global/overlay/etc/puppet/modules/soc/templates/vuln-dashboard/docker-compose.yml.erb

@@ -5,10 +5,10 @@ services:
   # app files are mounted for quick-reload and fast iterations
   dev:
     container_name: <%= @sso_service_name %>
+    hostname: <%= @sso_service_name %>
     depends_on:
       - postgres
-    image: dashboard-dev:<%= @docker_tag %>
+    image: <%= @docker_image %>:<%= @docker_tag %>
-    pull_policy: never
     environment:
       DB_NAME: <%= @db_name %>
       DB_USER: <%= @db_user %>
@@ -17,15 +17,15 @@ services:
       DB_PORT: <%= @db_port %>
       CENSYS_API_ID: <%= @censys_api_id %>
       CENSYS_API_SECRET: <%= @censys_api_secret %>
-      DJANGO_ALLOWED_HOSTS: <%= @allowed_hosts %>
+      DJANGO_ALLOWED_HOSTS: <%= @sso_service_name %>
-    ports:
+      DJANGO_ALLOWED_ORIGINS: <%= @allowed_origins %>
-      - "127.0.0.1:8000:8000"
     init: true
     volumes:
       - pocs-data:/app/stored_pocs
+      - "<%= @app_config_file %>:/app/config.yml:ro"
     networks:
       - default
-      - sso
+      - sso-proxy
 
   postgres:
     container_name: postgres
@@ -55,5 +55,6 @@ volumes:
       type: none
 
 networks:
-  sso:
+  sso-proxy:
     external: true
+    name: <%= @sso_proxy_network %>